Politech mailing list archives

Previous By Date Next
Previous By Thread Next

Microsoft is hardly alone: more on anti-phishing tools and privacy [priv]

From: Declan McCullagh <declan () well com>
Date: Tue, 13 Sep 2005 11:06:07 -0300
Previous Politech message:
http://www.politechbot.com/2005/09/10/phishing-tool-sends/

-------- Original Message --------
Subject: Re: [Politech] Microsoft anti-phishing tool sends Microsoft a list of sites visited [priv] 
Date: Sun, 11 Sep 2005 08:35:50 +0200
From: Matthias Leisi <matthias () leisi net>
To: Declan McCullagh <declan () well com>
References: <432326D1.6020207 () well com>

Dear Declan,


This article says that Microsoft's new anti-phishing filter will work by
sending Microsoft the address of every site visited that is not already on a 
safe/unsafe list.  It quotes the EFF worrying that this is "a wholesale
handing over of one's privacy to Microsoft."


Microsoft is not the only (and by far not the first) to introduce such a
functionality. Both the Google and the Netcraft toolbars work just like
that, and even DNS-based Blocklists used mainly in mailservers allow to
  track the Blocklist operators to observe usage patterns.

Such toolbars and tools are technically indistinguishable from spyware -
the difference being only the trustworthiness of the entitiy receiving
the data. Singling out Microsoft on that aspect may well be justified,
but other than that, the article is highly misleading in that it ignores
the general implications of user-triggered server-based filtering.

Having said that, weighing the two evils - the threat of phishing vs.
the possible tracking of usage patterns - server-based filtering still
seems to be a good trade-off. In the situation at hand, server-based
filtering is technically efficient (no need to download potentially huge
lists with it's delayed detection of fraudulent sites), and the local
caching of known-good / -bad sites reduces the tracking options on the
server considerably.

Regards,
-- Matthias

--
SIUG - Swiss Internet User Group - http://www.siug.ch/
Personal Blog: http://matthias.leisi.net/
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
Previous By Date Next
Previous By Thread Next

Current thread: