On Sat, Jun 9, 2012 at 1:02 AM, Sid Stamm <[email protected]> wrote:
> I think we should implement a windows application reputation extension
> to Safe Browsing -- to help detect malicious binaries users download and
> for those we know are safe, stop prompting users.

Sending data about the user's browsing behavior to Google seems like a problem in principle and a potential risk of user backlash. It seems like a bad idea to do that without explicit opt in. If I recall correctly, IE9 on the first run explicitly asks about enabling the Smart Screen Filter, which sends data about downloads to Microsoft.

Could privacy be enhanced by having a Mozilla-hosted server bounce a TLS connection to Google's API endpoint? That is, Mozilla would see the user's IP address but wouldn't see the contents of the TLS connection and Google would see the contents of the TLS connection (the data about the downloaded file) but wouldn't see the user's IP address.

About potential user backlash: even though both Microsoft and Google have a feature like this in IE and Chrome, Mozilla could still face a user backlash from doing this sort of thing in Firefox. If Firefox sends data to Google just like Chrome, Firefox loses the advantage of not sending data to Google relative to Chrome. As for Microsoft, they have the explicit opt in mentioned above.

The feature page talks about only checking applications and not documents. I take it that documents that exploit buffer overflows in applications that open them are not part of the threat model being addressed. How would an application be defined for the purposes of Firefox deciding whether to check a file?

-- 
Henri Sivonen
[email protected]
http://hsivonen.iki.fi/
