On Thu, 30 Sep 2010, Pascal Terjan wrote:

> Well the complexity of the protocol is to allow firefox to download
> only needed part of the blacklist, without sending the url to google
> and without downloading a huge list periodically.
> All the information passed by firefox to google is which chunk of the
> list it wants to download, this being determined by the beginning of
> the hash of the url.
> It would indeed be simpler to send the url.

Can you state as a fact that Google has no way to reproduce the url or at least the domain name of the site the user is visiting based on the information passed on by this Firefox feature to Google? I don't think this can be said with certainty, thanks to the complexity of the protocol.

In any case, regardless of what data gets passed on, I think we should follow the principle of making sure that apps only interact with remote services when the user is aware of it, i.e. INFORMED CONSENT, like I mentioned in the previous mail.

Therefore any features that interact automatically with remote services without the informed consent of the user should be disabled by default. (The user is still free to enable them at any time, so we are not limiting the user in any way.)

The following article makes it very clear why this is always a good practice to follow:
http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars
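
Added example, not part of the original message and not Firefox or Google code: a simplified model of the lookup described in the quoted text, recording exactly what the remote side receives. The SHA-256 hash, the 4-byte prefix, the `ListServer` class and the URLs are assumptions constructed for illustration; the thread itself only says "the beginning of the hash of the url".

```python
import hashlib

PREFIX_LEN = 4  # assumption: 4-byte prefix; the thread only says "beginning of the hash"

def full_hash(url: str) -> bytes:
    # Assumption: SHA-256 over the URL string as-is (no canonicalisation).
    return hashlib.sha256(url.encode("utf-8")).digest()

def hash_prefix(url: str) -> bytes:
    return full_hash(url)[:PREFIX_LEN]

class ListServer:
    """Constructed stand-in for the remote list service (hypothetical)."""

    def __init__(self, blacklist):
        self._chunks = {}
        for url in blacklist:
            digest = full_hash(url)
            self._chunks.setdefault(digest[:PREFIX_LEN], set()).add(digest)
        self.seen = []  # everything a client has disclosed to the server

    def get_chunk(self, prefix: bytes) -> set:
        self.seen.append(prefix)
        return self._chunks.get(prefix, set())

def is_blacklisted(url: str, server: ListServer) -> bool:
    # Only the prefix crosses the wire; the full comparison happens locally.
    chunk = server.get_chunk(hash_prefix(url))
    return full_hash(url) in chunk

def consistent_with(prefix: bytes, guesses):
    # The hash is not inverted; a prefix only confirms or rules out
    # URLs the observer already has in hand.
    return [u for u in guesses if hash_prefix(u) == prefix]

if __name__ == "__main__":
    server = ListServer(["http://malware.example/"])  # constructed entries
    for url in ("http://malware.example/", "http://benign.example/page"):
        print(url, is_blacklisted(url, server))
    print("server saw:", [p.hex() for p in server.seen])
```

In this model `server.seen` holds one short prefix per lookup, and `consistent_with` shows what such a prefix allows: checking URLs already in hand against it, not recovering a URL from it.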