This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Google Privacy Abuse
- Previous message (by thread): [anti-abuse-wg] Google Privacy Abuse
- Next message (by thread): [anti-abuse-wg] Google Privacy Abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ac
ac at main.me
Sat Mar 16 09:23:30 CET 2019
this thread: Google Privacy Abuse has NOTHING to do with safebrowsing and you are either deliberately causing obfuscation or you are legit in your own confusion? Simply: In my original post I included a link to slashgear.com Please do read my initial post. Then, regarding https URL's: It is a simple technical fact that ISP's etc - Do Not Have, receive or are able to read the actual URL. - Please do see the https protocol itself, for additional information. You are correct in only one of your assertions and your feelings: I agree 100% that this is an important topic On Fri, 15 Mar 2019 20:37:04 +0100 Serge Droz via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote: > Your assertion is wrong: > > Google safebrowsing works by comparing the URL to a local list, which > the browser downloads from Google's Servers. Browser do not send the > URL to Google for checking. > > See for example > > https://superuser.com/questions/832608/what-is-being-send-to-received-from-safebrowsing-google-com-when-i-open-firefo > > > Some ISPs in the US collect URLs from http traffic, but not https > traffic, the later does not work. THat is indeed concerneing, but has > nothing to do with Google. > > What Google or other see, however is URLs going through URL > shortners,, or the urls you click on a Google page. > > Also trackers, embedded in many websites deliver info back to Google > (or whatever tracker site). This again something that should be made > a bit more transparent. > > I do feel it is very important to base any discussions surrounding the > important topics discussed on this list on verifiable facts and not on > claims or fear. > > > Best > Serge > > > > > On 15/03/2019 13:41, Fi Shing wrote: > > /"And no, You are also wrong: Opera does not upload your visited > > URL's to a third party server."/ > > > > If opera (like chrome, edge or firefox) check the URL to see if it > > is "dangerous" (a phishing URL etc) then that is logged on their > > end, when it checks the database to see if the link has been > > flagged. > > > > This is the price that people pay for "free" browsers. > > > > Google protects you from "phishing websites", whilst archiving your > > website access, and then sells that as marketing data to who ever > > will buy it. > > > > > > > > > > > > > > > > -------- Original Message -------- > > Subject: Re: [anti-abuse-wg] Google Privacy Abuse > > From: ac <ac at main.me <mailto:ac at main.me>> > > Date: Thu, March 14, 2019 8:16 pm > > To: anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net> > > > > Hi Esa, > > > > No, you are wrong... the URL's are not available to anyone. > > > > What is available to the ISP is the domain name lookup. (this > > is also available to the DNS servers, etc - just the domain name) > > > > And no, You are also wrong: Opera does not upload your visited > > URL's to a third party server. > > > > Up to now, nobody has even tried this as it is abuse / abusive > > > > HTTPS URL's, themselves frequently contain personal data and > > other sensitive info, as the URL itself is supposes to be part of > > the encrypted session. > > > > And, this is the whole point of all of this. > > > > If Google starts saving all URL's and link that with the local > > cache (because they control the local software), the effect will be > > an increase > > in speed (as the media does not have to come over the encrypted > > session) > > > > This will probably eventually FORCE Opera/Firefox/insert name > > here - to also operate in this fashion, as users will want the > > speed - and they will not know that it is less secure / less > > private, etc. > > > > This is a major issue and not a small issue, it will eventually > > affect all of us. > > > > for example, one of my bank URL at login is: > > > > https://nameofbank.com/login > > > > then, later in the session: > > https://nameofbank.com/?id=x&transfer=1 > > etc etc > > > > This, right now, is not an issue as the URL itself is encrypted > > > > it is a major invasion of privacy that a third party vendor, > > supplying "free" software is also now recording url's which gives > > them two advantages over the ethical software providers. Not only > > that but that their "innovation" of breaking the HTTPS protocol, > > may force other vendors to go down the same path as the "consumers" > > are too lazy or uninformed to understand what it happening. > > > > If society does nothing about this case of a multinational > > leveraging people > > against people's bad behavior (or poor choices - as Ronald > > said: use a different browser) this will eventually affect us all. > > > > On Thu, 14 Mar 2019 09:53:47 +0100 > > Esa Laitinen <esa at laitinen.org <mailto:esa at laitinen.org>> wrote: > > > > > On Thu, Mar 14, 2019 at 6:05 AM ac <ac at main.me > > > <mailto:ac at main.me>> wrote: > > > > HTTPS protocol, by design, is secure and private. > > > > > > > > The average consumer expects this to be true. > > > > > > > > Google had to actually go and change, in an "under cover" > > > > way, the entire way and method that HTTPS works. This > > > > "change" is being sold as a "good thing" to poor people > > > > and/or people with low bandwidth and that Google is doing a > > > > "good thing" by making this change. > > > > > > Dear Andre > > > > > > The URLs you're accessing are also available for > > > > > > - your ISP > > > - your VPN provider (unless you've rolled your own) > > > and some information is also potentially stored by > > > - your DNS provider > > > > > > And Opera browser has been doing similar things when you've > > > enabled the bandwidth savings. > > > > > > or am I missing something? > > > > > > OK. I'm ignoring here that this particular thingi is using > > > MITM methods to do the optimization, which is for me a bit > > > more worrying than google having access to the URLs I browse. > > > They have them mostly anyway. > > > > > > But, it is a choice a user makes, it is not forced upon them. > > > > > > > > > Yours, > > > > > > esa > > > > > > > > > > > > > >
- Previous message (by thread): [anti-abuse-wg] Google Privacy Abuse
- Next message (by thread): [anti-abuse-wg] Google Privacy Abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]