[anti-abuse-wg] Google Privacy Abuse
- Previous message (by thread): [anti-abuse-wg] Google Privacy Abuse
- Next message (by thread): [anti-abuse-wg] Google Privacy Abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ac
ac at main.me
Sat Mar 16 09:23:30 CET 2019
this thread: Google Privacy Abuse has NOTHING to do with safebrowsing and you are either deliberately causing obfuscation or you are legit in your own confusion? Simply: In my original post I included a link to slashgear.com Please do read my initial post. Then, regarding https URL's: It is a simple technical fact that ISP's etc - Do Not Have, receive or are able to read the actual URL. - Please do see the https protocol itself, for additional information. You are correct in only one of your assertions and your feelings: I agree 100% that this is an important topic On Fri, 15 Mar 2019 20:37:04 +0100 Serge Droz via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote: > Your assertion is wrong: > > Google safebrowsing works by comparing the URL to a local list, which > the browser downloads from Google's Servers. Browser do not send the > URL to Google for checking. > > See for example > > https://superuser.com/questions/832608/what-is-being-send-to-received-from-safebrowsing-google-com-when-i-open-firefo > > > Some ISPs in the US collect URLs from http traffic, but not https > traffic, the later does not work. THat is indeed concerneing, but has > nothing to do with Google. > > What Google or other see, however is URLs going through URL > shortners,, or the urls you click on a Google page. > > Also trackers, embedded in many websites deliver info back to Google > (or whatever tracker site). This again something that should be made > a bit more transparent. > > I do feel it is very important to base any discussions surrounding the > important topics discussed on this list on verifiable facts and not on > claims or fear. > > > Best > Serge > > > > > On 15/03/2019 13:41, Fi Shing wrote: > > /"And no, You are also wrong: Opera does not upload your visited > > URL's to a third party server."/ > > > > If opera (like chrome, edge or firefox) check the URL to see if it > > is "dangerous" (a phishing URL etc) then that is logged on their > > end, when it checks the database to see if the link has been > > flagged. > > > > This is the price that people pay for "free" browsers. > > > > Google protects you from "phishing websites", whilst archiving your > > website access, and then sells that as marketing data to who ever > > will buy it. > > > > > > > > > > > > > > > > -------- Original Message -------- > > Subject: Re: [anti-abuse-wg] Google Privacy Abuse > > From: ac <ac at main.me <mailto:ac at main.me>> > > Date: Thu, March 14, 2019 8:16 pm > > To: anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net> > > > > Hi Esa, > > > > No, you are wrong... the URL's are not available to anyone. > > > > What is available to the ISP is the domain name lookup. (this > > is also available to the DNS servers, etc - just the domain name) > > > > And no, You are also wrong: Opera does not upload your visited > > URL's to a third party server. > > > > Up to now, nobody has even tried this as it is abuse / abusive > > > > HTTPS URL's, themselves frequently contain personal data and > > other sensitive info, as the URL itself is supposes to be part of > > the encrypted session. > > > > And, this is the whole point of all of this. > > > > If Google starts saving all URL's and link that with the local > > cache (because they control the local software), the effect will be > > an increase > > in speed (as the media does not have to come over the encrypted > > session) > > > > This will probably eventually FORCE Opera/Firefox/insert name > > here - to also operate in this fashion, as users will want the > > speed - and they will not know that it is less secure / less > > private, etc. > > > > This is a major issue and not a small issue, it will eventually > > affect all of us. > > > > for example, one of my bank URL at login is: > > > > https://nameofbank.com/login > > > > then, later in the session: > > https://nameofbank.com/?id=x&transfer=1 > > etc etc > > > > This, right now, is not an issue as the URL itself is encrypted > > > > it is a major invasion of privacy that a third party vendor, > > supplying "free" software is also now recording url's which gives > > them two advantages over the ethical software providers. Not only > > that but that their "innovation" of breaking the HTTPS protocol, > > may force other vendors to go down the same path as the "consumers" > > are too lazy or uninformed to understand what it happening. > > > > If society does nothing about this case of a multinational > > leveraging people > > against people's bad behavior (or poor choices - as Ronald > > said: use a different browser) this will eventually affect us all. > > > > On Thu, 14 Mar 2019 09:53:47 +0100 > > Esa Laitinen <esa at laitinen.org <mailto:esa at laitinen.org>> wrote: > > > > > On Thu, Mar 14, 2019 at 6:05 AM ac <ac at main.me > > > <mailto:ac at main.me>> wrote: > > > > HTTPS protocol, by design, is secure and private. > > > > > > > > The average consumer expects this to be true. > > > > > > > > Google had to actually go and change, in an "under cover" > > > > way, the entire way and method that HTTPS works. This > > > > "change" is being sold as a "good thing" to poor people > > > > and/or people with low bandwidth and that Google is doing a > > > > "good thing" by making this change. > > > > > > Dear Andre > > > > > > The URLs you're accessing are also available for > > > > > > - your ISP > > > - your VPN provider (unless you've rolled your own) > > > and some information is also potentially stored by > > > - your DNS provider > > > > > > And Opera browser has been doing similar things when you've > > > enabled the bandwidth savings. > > > > > > or am I missing something? > > > > > > OK. I'm ignoring here that this particular thingi is using > > > MITM methods to do the optimization, which is for me a bit > > > more worrying than google having access to the URLs I browse. > > > They have them mostly anyway. > > > > > > But, it is a choice a user makes, it is not forced upon them. > > > > > > > > > Yours, > > > > > > esa > > > > > > > > > > > > > >
- Previous message (by thread): [anti-abuse-wg] Google Privacy Abuse
- Next message (by thread): [anti-abuse-wg] Google Privacy Abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]