[Mageia-dev] Talk of Browsers

Tux99 tux99-mga at uridium.org
Fri Oct 1 07:43:11 CEST 2010


On Thu, 30 Sep 2010, Pascal Terjan wrote:

> Well the complexity of the protocol is to allow firefox to download
> only needed part of the blacklist, without sending the url to google
> and without downloading a huge list periodically.
> All the information passed by firefox to google is which chunk of the
> list it wants to download, this being determined by the beginning of
> the hash of the url.
> It would indeed be simpler to send the url.

Can you state as a fact that Google has no way to reproduce the url or 
at least the domain name of the site the user is visiting based on the 
information passed on by this Firefox feature to Google?
I don't think this can be said with certainty, thanks to the complexity 
of the protocol.

In any case, regardless of what data gets passed on, I think we should 
follow the principle of making sure that apps only interact with remote 
services when the user is aware of it, i.e. INFORMED CONSENT, like I 
mentioned in the previous mail.

Therefore any features that interact automatically with remote services 
without the informed consent of the user should be disabled by default.
(the user is still free to enable them at any time, so we are not 
limiting the user in any way)

The following article makes it very clear why this is always a good 
practice to follow:
http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars
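The lookup described in the quoted text above, as an added example that is not part of the original message and not Firefox's or Google's code: a simplified Python model in which the client keeps only hash prefixes locally, sends a prefix (never the URL) on a local hit, and the list provider logs what it receives. SHA-256, the 4-byte prefix length, all class and function names, and the `example` URLs are assumptions made for illustration.

```python
import hashlib

PREFIX_LEN = 4  # assumption: 32-bit prefix; the post only says "the beginning of the hash"

def full_hash(expr: str) -> bytes:
    # Assumption: SHA-256 over an already-canonicalized host/path expression.
    return hashlib.sha256(expr.encode("utf-8")).digest()

def prefix(expr: str) -> bytes:
    return full_hash(expr)[:PREFIX_LEN]

class Server:
    """Hypothetical list provider: holds full hashes and logs what clients ask for."""
    def __init__(self, blacklist):
        self.by_prefix = {}
        for expr in blacklist:
            self.by_prefix.setdefault(prefix(expr), set()).add(full_hash(expr))
        self.requests_seen = []  # everything the provider learns from lookups

    def prefix_list(self):
        return set(self.by_prefix)

    def full_hashes_for(self, pfx: bytes):
        self.requests_seen.append(pfx)
        return self.by_prefix.get(pfx, set())

class Client:
    """Hypothetical browser side: stores prefixes only, not the full list."""
    def __init__(self, server):
        self.server = server
        self.local_prefixes = server.prefix_list()

    def is_blacklisted(self, expr: str) -> bool:
        pfx = prefix(expr)
        if pfx not in self.local_prefixes:
            return False  # no local hit: nothing leaves the machine
        # Local hit: only the prefix is sent, never the URL itself.
        return full_hash(expr) in self.server.full_hashes_for(pfx)

def candidates_for(pfx: bytes, known_urls):
    """URLs from a corpus the provider already holds that share this prefix."""
    return [u for u in known_urls if prefix(u) == pfx]

# Constructed sample data; the example.* names are placeholders.
BLACKLIST = ["malware.example/", "phish.example/login"]
```

`requests_seen` is the complete record of what the provider receives in this model, and `candidates_for` shows how a received prefix compares against a URL corpus the provider already has.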


