Re: Re: The Spirit of Free Software, or The Reality

To: Christoph Riehl <C.Riehl@micromotor.ch>
Cc: "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: Re: The Spirit of Free Software, or The Reality
From: Mike Hommey <mh@glandium.org>
Date: Thu, 16 Jul 2015 06:53:57 +0900
Message-id: <[🔎] 20150715215357.GA19084@glandium.org>
Mail-followup-to: Christoph Riehl <C.Riehl@micromotor.ch>, "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 55A68134.1030801@micromotor.ch>
References: <[🔎] 20150715042615.GA20918@glandium.org> <[🔎] 55A68134.1030801@micromotor.ch>

On Wed, Jul 15, 2015 at 03:50:18PM +0000, Christoph Riehl wrote:
>  > On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote:
>  > > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote:
>  > > > POST 
> https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key
>  > > > + a few dozens of GET requests to https://safebrowsing.google.com/
>  > > >
>  > > > So nothing serious here. It's just casually violating your privacy.
>  > >
>  > > I disagree that the safebrowsing part is not serious, especially 
> considering
>  > > that it continues to send a message there on every new page you 
> visit.  Best
>  > > case the only thing that happens is that Google checks that you 
> aren't visiting
>  > > a dangerous site.  But really?  Does anyone believe that Google 
> does not store
>  > > this data to monitor browsing habits?
>  >
>  > FUD is easy. How about documenting yourself on how Safe browsing
>  > actually works? Hint: urls are _never_ sent to Google. The worst thing
>  > that Google can know is that the _hash_ of /some/ url you went to, 
> has the
>  > first n bits matching the first n bits of the hash of one (or multiple)
>  > of the known malware of phishing urls. Nothing more.
> 
> Yeah, it's not like google would have a giant scanning tool that 
> downloads the content, processes, parses, classifies every web page out 
> there.
> Google will of course never ever generate and store in one of their 
> databases a hash of the url of each page they process. No, never ever 
> they will do that.
> Also, google will never ever store your requests. They never store 
> anything for tra(ffi)cking.

Let's say they do. So what? The only thing they can get from the first n
bits of the hash is that you visited one of possibly hundreds of
thousands of urls with the same hash first n bits that also matches the
first n bits of the hash of some known malware. Wow, that's going to
make tracking so much easier than, say, ads or analytics.

Mike

Reply to:

References:
- Re: The Spirit of Free Software, or The Reality
  - From: Mike Hommey <mh@glandium.org>
- Re: Re: The Spirit of Free Software, or The Reality
  - From: Christoph Riehl <C.Riehl@micromotor.ch>

Prev by Date: Bug#792534: ITP: pd-flext -- Flext C++ external layer for Pd (and similar)
Next by Date: Re: The Spirit of Free Software, or The Reality
Previous by thread: Re: Re: The Spirit of Free Software, or The Reality
Next by thread: Re: The Spirit of Free Software, or The Reality
Index(es):
- Date
- Thread