On Monday, June 11, 2012 8:51:59 AM UTC-7, Sid Stamm wrote:
> On 06/11/2012 03:36 AM, Gervase Markham wrote:
> > On 11/06/12 11:11, Henri Sivonen wrote:
> >> Could privacy be enhanced by having a Mozilla-hosted server bounce a
> >> TLS connection to Google's API endpoint? That is, Mozilla would see
> >> the user's IP address but wouldn't see the contents of the TLS
> >> connection and Google would see the contents of the TLS connection
> >> (the data about the downloaded file) but wouldn't see the user's IP
> >> address.
> >
> > That's a really interesting idea.
>
> Yes, it is! One thing we should verify is whether or not these URL
> pings are followed with a response about the safety of the URL. If we
> stand up a bouncer, we'll add latency to any response when users ping,
> and that may not be optimal.
>
> I've asked the Google team for more technical detail about their API
> (and if they are reading this, they should feel free to point to it
> here) so we see if there's anything we'd be trading for bouncing.
>
> -Sid
Hi All,

Sorry for the late response. Regarding the TLS bouncing idea: as the reputation system derives features in part from the submitted pings, it's important for us to be able to detect abusive reputation requests. The source IP is a very meaningful feature for detecting spammy requests. Furthermore, if we get requests from a sufficient number of users for the same URL, we may also attempt to fetch it to feed the binary into our analysis system. I would like to emphasize that this data is only kept for two weeks and is subject to strict access controls.

A trusted proxy run by Mozilla might be an option if it did its own meaningful spam filtering and additionally provided us at least with the /24 of the source IP address from the original requester.

Thanks,
Moheeb

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
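The "trusted proxy" shape Moheeb sketches (the bouncer sees the client's address, does its own spam filtering, and passes upstream only the /24 of the source address rather than the full IP) can be made concrete. The following is an added illustration for this thread, not code from Mozilla or Google: the class name `TrustedProxy`, the per-prefix sliding-window limit, the header name `X-Source-Prefix`, and the /48 truncation for IPv6 (the thread only mentions /24) are all assumptions made here.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Constructed policy values for the example; the thread gives no numbers.
WINDOW_SECONDS = 60
MAX_REQUESTS_PER_WINDOW = 20


def source_prefix(ip_text: str) -> str:
    """Truncate a source address to the network prefix that would be
    forwarded upstream: /24 for IPv4 (as discussed in the thread).
    IPv6 is truncated to /48 here as an assumption of this example."""
    addr = ipaddress.ip_address(ip_text)
    prefix_len = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))


class TrustedProxy:
    """Hypothetical bouncer: it knows the client IP, applies its own
    per-/24 rate limiting, and forwards the opaque payload upstream with
    only the truncated prefix attached, never the full address."""

    def __init__(self, upstream, window=WINDOW_SECONDS,
                 limit=MAX_REQUESTS_PER_WINDOW, clock=time.monotonic):
        # upstream: callable(payload: bytes, headers: dict) -> bytes
        self.upstream = upstream
        self.window = window
        self.limit = limit
        self.clock = clock
        self.seen = defaultdict(deque)  # prefix -> request timestamps

    def _allowed(self, prefix: str, now: float) -> bool:
        """Sliding-window limit keyed on the /24, not the single host."""
        q = self.seen[prefix]
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def relay(self, client_ip: str, payload: bytes):
        """Return the upstream response, or None if the request was
        dropped by the proxy's own spam filtering."""
        prefix = source_prefix(client_ip)
        if not self._allowed(prefix, self.clock()):
            return None
        # Only the truncated prefix leaves the proxy; the payload is
        # forwarded as-is and is not inspected here.
        headers = {"X-Source-Prefix": prefix}  # hypothetical header name
        return self.upstream(payload, headers)
```

In a real deployment the payload would be the TLS-wrapped ping so the proxy genuinely cannot read it; the point of the example is that the only client-derived value crossing the proxy boundary is the prefix, and that the filtering decision is made on the proxy side, which is the trade Moheeb's message asks for.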
