[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The Spirit of Free Software, or The Reality

On Wed, Jul 15, 2015 at 02:18:08PM +0200, Bas Wijnen wrote:
> On Wed, Jul 15, 2015 at 01:26:16PM +0900, Mike Hommey wrote:
> > On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote:
> > > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote:
> > > > POST https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key
> > > > + a few dozens of GET requests to https://safebrowsing.google.com/
> > > > 
> > > > So nothing serious here. It's just casually violating your privacy.
> > > 
> > > I disagree that the safebrowsing part is not serious, especially considering
> > > that it continues to send a message there on every new page you visit.  Best
> > > case the only thing that happens is that Google checks that you aren't visiting
> > > a dangerous site.  But really?  Does anyone believe that Google does not store
> > > this data to monitor browsing habits?
> > 
> > FUD is easy. How about documenting yourself on how Safe browsing
> > actually works?
> 
> Please don't be so harsh.  FUD is about trying to mislead people into thinking
> untrue bad things about someone.  I have no bad intentions, and I don't see why
> you would think that I do.

Because you were misleading people into thinking untrue bad things about
safe browsing.

(snip)
 
> As Jakub was saying: just starting it up without even visiting a site yet will
> do a POST and a *few dozen* GET requests.  Shouldn't it be waiting with its
> checks until it actually knows what to check?  What is it sending them at
> browser startup?

I'm not sure which version of the protocol iceweasel uses nowadays, but
this is the protocol spec for v2.2:
https://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec

Using a POST is part of that.

If you're interested in knowing exactly what's going over the wire, you
can go enable the browser toolbox and watch all the network requests the
browser does.

https://developer.mozilla.org/en-US/docs/Tools/Browser_Toolbox

> So I wanted to make it stop; I can live without the safe browsing feature.  I
> couldn't find it anywhere in the regular preferences.

Security > Block reported attach sites
and
Security > Block reported web forgeries

Mike
Reply to: