[Mageia-dev] Talk of Browsers

Tux99 tux99-mga at uridium.org
Fri Oct 1 06:27:27 CEST 2010


On Fri, 1 Oct 2010, Ahmad Samir wrote:

> A bit off-topic, but first you should answer pterjan's question
> here[1]: “Look at the code and show me a place where any URL is sent
> to Google.”
> 
> [1] http://lists.mandriva.com/cooker/2010-08/msg00461.php

Well, given the size of the source code of Firefox and the fact that I'm 
not familiar with it, that would be like searching for a needle in a 
haystack.

What I did though is read the specs of the protocol that implements this 
'feature' and I must say that it's not entirely clear what information 
Firefox passes on to Google when contacting the Google 'safe-browsing' 
databse. The current version of the protocol seems very complicated to 
me, I'd say unnecessarily complicated, which is not what you would want 
from a potentially privacy-sensitive feature.

( http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec )

The fact remains that when this feature is enabled, Firefox interacts 
with a Google service, without the user being aware of it.

My main point is, any program (not just Firefox) that contacts a remote 
service (where it's not obvious for the user) should notify the user 
about this with a dialog box before doing so the first time, asking 
for the informed consent of the user.

In fact this could be a strong unique selling point of Mageia, if we 
make sure that all Mageia packages are configured by default to respect 
the user's privacy and to always request consent from the user before 
connecting to remote services.

A slogan could be: 
"Mageia the Linux distro that takes your privacy seriously"

Drakrpm is a good example on how to do it correctly, since before 
setting up the list of mirrors it asks the user for consent to contact 
the Mandriva site to download the list of mirrors.



More information about the Mageia-dev mailing list