On Friday 27 May 2005 06:04, Nelson B wrote: > Duane wrote: > > Ian G wrote: > >>Firefox users snap up Netcraft's antiphishing toolbar > >> Netcraft's toolbar blocks access to reported phishing sites > > > > I grabbed it, tried it and promptly uninstalled it based on how much > > information was leaking like a submarine with screen doors back to > > netcraft... > > > > Something like it is needed, but without telling everyone in the world > > what sites you visit so they can profile you, and not from web logs or > > bugs but from your own installation... > > I'm in complete agreement with you on this issue, Duane. > IMO, spyware is worse than the problems it may claim to solve.
Right. That's *your* preferences. As a fundamental tenet of security the developers, designers and implementors do not know the user's risk preferences, except under certain exceptions. For many users, a little spyware is likely a good choice if it saves them from being phished. Spyware clogs the machine and might result in a barrage of advertising enticements, but phishing steals money and significant amounts of it. I guess everyone knows someone who's been ID thieved at this stage? Ask them... As phishing spreads through the public consciousness, anything that says "this will protect you from phishing" will be attractive enough to overcome annoying issues like spyware. So what is going to happen is that *users* will likely judge Firefox as safer with the Netcraft toolbar than without. If Mozilla's opinion is the reverse of user's judgement, then you are staring at a schism - users care about phishing and Mozilla doesn't. Is there foundation for this outrageous statement? Sure, that's why I emphasised "60,000 downloads in hours." And, both petname and trustbar were roundly rejected by the Mozilla security community. Strike two. Make it three? iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
