[Mageia-dev] Talk of Browsers

Fri Oct 1 07:43:11 CEST 2010

On Thu, 30 Sep 2010, Pascal Terjan wrote:
+
+> Well the complexity of the protocol is to allow firefox to download
+> only needed part of the blacklist, without sending the url to google
+> and without downloading a huge list periodically.
+> All the information passed by firefox to google is which chunk of the
+> list it wants do download, this being determined by the beginning of
+> the hash of the url.
+> It would indeed be simpler to send the url.
+
+Can you state as a fact that Google has no way to reproduce the url or 
+at least the domain name of the site the user is visiting based on the 
+information passed on by this Firefox feature to Google?
+I don't think this can be said with certainty, thanks to the complexity 
+of the protocol.
+
+In any case, regardless what data gets passed on, I think we should 
+follow the principle of making sure that apps only interact with remote 
+services when the user is aware of it, i.e. INFORMED CONSENT, like I 
+mentioned in the previous mail.
+
+Therefore any features that interact automatically with remote services 
+without the informed consent of the user should be disabled by default.
+(the user is still free to enable them at any time, so we are not 
+limiting the user in any way)
+
+The following article makes it very clear why this is always a good 
+practice to follow:
+http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars
+
+