[anti-abuse-wg] Google Privacy Abuse

this thread: Google Privacy Abuse

has NOTHING to do with safebrowsing and you are either deliberately
causing obfuscation or you are legit in your own confusion?
Simply: In my original post I included a link to slashgear.com

Please do read my initial post.

Then, regarding https URL's: 

It is a simple technical fact that ISP's etc - Do Not Have, receive or
are able to read the actual URL. - Please do see the https protocol
itself, for additional information.

You are correct in only one of your assertions and your feelings:

I agree 100% that this is an important topic



On Fri, 15 Mar 2019 20:37:04 +0100
Serge Droz via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote:

> Your assertion is wrong:
> 
> Google safebrowsing works by comparing the URL to a local list, which
> the browser downloads from Google's Servers. Browser do not send the
> URL to Google for checking.
> 
> See for example
> > https://superuser.com/questions/832608/what-is-being-send-to-received-from-safebrowsing-google-com-when-i-open-firefo  
> 
> 
> Some ISPs in the US collect URLs from http traffic, but not https
> traffic, the later does not work. THat is indeed concerneing, but has
> nothing to do with Google.
> 
> What Google or other see, however is URLs going through URL
> shortners,, or the urls you click on a Google page.
> 
> Also trackers, embedded in many websites deliver info back to Google
> (or whatever tracker site). This again something that should be made
> a bit more transparent.
> 
> I do feel it is very important to base any discussions surrounding the
> important topics discussed on this list on verifiable facts and not on
> claims or fear.
> 
> 
> Best
> Serge
> 
> 
> 
> 
> On 15/03/2019 13:41, Fi Shing wrote:
> > /"And no, You are also wrong: Opera does not upload your visited
> > URL's to a third party server."/
> > 
> > If opera (like chrome, edge or firefox) check the URL to see if it
> > is "dangerous" (a phishing URL etc) then that is logged on their
> > end, when it checks the database to see if the link has been
> > flagged.
> > 
> > This is the price that people pay for "free" browsers.
> > 
> > Google protects you from "phishing websites", whilst archiving your
> > website access, and then sells that as marketing data to who ever
> > will buy it.
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >     -------- Original Message --------
> >     Subject: Re: [anti-abuse-wg] Google Privacy Abuse
> >     From: ac <ac at main.me <mailto:ac at main.me>>
> >     Date: Thu, March 14, 2019 8:16 pm
> >     To: anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net>
> > 
> >     Hi Esa,
> > 
> >     No, you are wrong... the URL's are not available to anyone.
> > 
> >     What is available to the ISP is the domain name lookup. (this
> > is also available to the DNS servers, etc - just the domain name)
> > 
> >     And no, You are also wrong: Opera does not upload your visited
> > URL's to a third party server.
> > 
> >     Up to now, nobody has even tried this as it is abuse / abusive
> > 
> >     HTTPS URL's, themselves frequently contain personal data and
> > other sensitive info, as the URL itself is supposes to be part of
> > the encrypted session.
> > 
> >     And, this is the whole point of all of this.
> > 
> >     If Google starts saving all URL's and link that with the local
> > cache (because they control the local software), the effect will be
> > an increase
> >     in speed (as the media does not have to come over the encrypted
> >     session)
> > 
> >     This will probably eventually FORCE Opera/Firefox/insert name
> > here - to also operate in this fashion, as users will want the
> > speed - and they will not know that it is less secure / less
> > private, etc.
> > 
> >     This is a major issue and not a small issue, it will eventually
> > affect all of us.
> > 
> >     for example, one of my bank URL at login is:
> > 
> >     https://nameofbank.com/login
> > 
> >     then, later in the session:
> >     https://nameofbank.com/?id=x&transfer=1
> >     etc etc
> > 
> >     This, right now, is not an issue as the URL itself is encrypted
> > 
> >     it is a major invasion of privacy that a third party vendor,
> > supplying "free" software is also now recording url's which gives
> > them two advantages over the ethical software providers. Not only
> > that but that their "innovation" of breaking the HTTPS protocol,
> > may force other vendors to go down the same path as the "consumers"
> > are too lazy or uninformed to understand what it happening.
> > 
> >     If society does nothing about this case of a multinational
> >     leveraging people
> >     against people's bad behavior (or poor choices - as Ronald
> > said: use a different browser) this will eventually affect us all.
> > 
> >     On Thu, 14 Mar 2019 09:53:47 +0100
> >     Esa Laitinen <esa at laitinen.org <mailto:esa at laitinen.org>> wrote:
> >   
> >     > On Thu, Mar 14, 2019 at 6:05 AM ac <ac at main.me
> >     > <mailto:ac at main.me>> wrote: 
> >     > > HTTPS protocol, by design, is secure and private.
> >     > >
> >     > > The average consumer expects this to be true.
> >     > >
> >     > > Google had to actually go and change, in an "under cover"
> >     > > way, the entire way and method that HTTPS works. This
> >     > > "change" is being sold as a "good thing" to poor people
> >     > > and/or people with low bandwidth and that Google is doing a
> >     > > "good thing" by making this change. 
> >     > 
> >     > Dear Andre
> >     > 
> >     > The URLs you're accessing are also available for
> >     > 
> >     > - your ISP
> >     > - your VPN provider (unless you've rolled your own)
> >     > and some information is also potentially stored by
> >     > - your DNS provider
> >     > 
> >     > And Opera browser has been doing similar things when you've
> >     > enabled the bandwidth savings.
> >     > 
> >     > or am I missing something?
> >     > 
> >     > OK. I'm ignoring here that this particular thingi is using
> >     > MITM methods to do the optimization, which is for me a bit
> >     > more worrying than google having access to the URLs I browse.
> >     > They have them mostly anyway.
> >     > 
> >     > But, it is a choice a user makes, it is not forced upon them.
> >     > 
> >     > 
> >     > Yours,
> >     > 
> >     > esa
> >     > 
> >     > 
> >     >   
> > 
> >   
>