Google and "Safe Browsing"

classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Google and "Safe Browsing"

»Q«
Note: NSS Labs doesn't have anything to do with Mozilla's NSS
project/product -- the name's just a coincidence.

<http://www.nsslabs.com/company/news/press-releases/899.html>
Excerpt of press release:

  Over the past several years, NSS Labs has conducted ongoing research
  into the protection capabilities of Chrome, Firefox, Internet
  Explorer, and Safari. The latest round of testing occurred from
  November 21, 2011 – January 5, 2012, during which we observed what
  appears to be a significant change when compared with historical
  results. Chrome's protection rate steadily climbed to just over 50%
  before suddenly falling back to 20%.  Over the same time period (Nov
  21, 2011 – December 21, 2011), Firefox and Safari's block rate
  remained stuck at 2%, and then inexplicably jumped to 7% on the same
  day Chrome's protection precipitously dropped (December 22nd).

Entire report, with charts and incendiary title:
<http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>

A bit more perspective from in the last section of this blog
entry, and in the first comment:
<http://www.morbo.org/2012/02/new-safebrowsing-backend.html>

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Sailfish-2
My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:06 PM:

> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
> project/product -- the name's just a coincidence.
>
> <http://www.nsslabs.com/company/news/press-releases/899.html>
> Excerpt of press release:
>
>   Over the past several years, NSS Labs has conducted ongoing research
>   into the protection capabilities of Chrome, Firefox, Internet
>   Explorer, and Safari. The latest round of testing occurred from
>   November 21, 2011 – January 5, 2012, during which we observed what
>   appears to be a significant change when compared with historical
>   results. Chrome's protection rate steadily climbed to just over 50%
>   before suddenly falling back to 20%.  Over the same time period (Nov
>   21, 2011 – December 21, 2011), Firefox and Safari's block rate
>   remained stuck at 2%, and then inexplicably jumped to 7% on the same
>   day Chrome's protection precipitously dropped (December 22nd).
>
> Entire report, with charts and incendiary title:
> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>
> A bit more perspective from in the last section of this blog
> entry, and in the first comment:
> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>
Interesting but I'm unsure what to make of it. Was the reason Chrome
went from 50% to 20% because they've slacked off and started allowing
more questionable sites through or perhaps because they determined that
the 50% protection rate included significant false-positives? Also, in
another thread you mentioned that Firefox uses Google's "Safe Browsing"
API. Is that related to this and, if so, why wouldn't Firefox have a
similar protection rate as Google. Or (which is likely the case), am I
conflating two different things ;)

--
Sailfish - Netscape Champion
Mozilla Contributor Member - www.mozilla.org/credits/
Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
Rare Mozilla Stuff: https://www.projectit.com/
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

»Q«
On Fri, 06 Apr 2012 16:28:11 -0700
Sailfish <[hidden email]> wrote:

> My bloviated meandering follows what »Q« graced us with on 4/6/2012
> 4:06 PM:
> > Note: NSS Labs doesn't have anything to do with Mozilla's NSS
> > project/product -- the name's just a coincidence.
> >
> > <http://www.nsslabs.com/company/news/press-releases/899.html>
> > Excerpt of press release:
> >
> >   Over the past several years, NSS Labs has conducted ongoing
> > research into the protection capabilities of Chrome, Firefox,
> > Internet Explorer, and Safari. The latest round of testing occurred
> > from November 21, 2011 – January 5, 2012, during which we observed
> > what appears to be a significant change when compared with
> > historical results. Chrome's protection rate steadily climbed to
> > just over 50% before suddenly falling back to 20%.  Over the same
> > time period (Nov 21, 2011 – December 21, 2011), Firefox and
> > Safari's block rate remained stuck at 2%, and then inexplicably
> > jumped to 7% on the same day Chrome's protection precipitously
> > dropped (December 22nd).
> >
> > Entire report, with charts and incendiary title:
> > <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
> >
> > A bit more perspective from in the last section of this blog
> > entry, and in the first comment:
> > <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
> >
> Interesting but I'm unsure what to make of it. Was the reason Chrome
> went from 50% to 20% because they've slacked off and started allowing
> more questionable sites through or perhaps because they determined
> that the 50% protection rate included significant false-positives?

That's entirely unclear to me as well.

> Also, in another thread you mentioned that Firefox uses Google's
> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
> Firefox have a similar protection rate as Google. Or (which is likely
> the case), am I conflating two different things ;)

Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
list, as I understand it.  Google certainly hosts the list Firefox
uses, though it's possible some folks outside of Google  contribute to
it.

Google has new approaches to Safe Browsing, without publicly documented
APIs.  The concern is that Google may be neglecting the Safe Browsing
used by Firefox and Safari because Google has cool new stuff it's not
sharing.  But the first comment to that blog post indicates that Google
has offered the new stuff to Mozilla and Mozilla hasn't decided to use
it yet.  Then again, the blog post was written by one of the Mozilla
people working on Safe Browsing, and he didn't know about the offer
until he got that comment.

That's not a great summary, but it's the best I can do right now.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Sailfish-2
My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54 PM:

> On Fri, 06 Apr 2012 16:28:11 -0700
> Sailfish <[hidden email]> wrote:
>
>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>> 4:06 PM:
>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>> project/product -- the name's just a coincidence.
>>>
>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>> Excerpt of press release:
>>>
>>>   Over the past several years, NSS Labs has conducted ongoing
>>> research into the protection capabilities of Chrome, Firefox,
>>> Internet Explorer, and Safari. The latest round of testing occurred
>>> from November 21, 2011 – January 5, 2012, during which we observed
>>> what appears to be a significant change when compared with
>>> historical results. Chrome's protection rate steadily climbed to
>>> just over 50% before suddenly falling back to 20%.  Over the same
>>> time period (Nov 21, 2011 – December 21, 2011), Firefox and
>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>> jumped to 7% on the same day Chrome's protection precipitously
>>> dropped (December 22nd).
>>>
>>> Entire report, with charts and incendiary title:
>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>
>>> A bit more perspective from in the last section of this blog
>>> entry, and in the first comment:
>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>
>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>> went from 50% to 20% because they've slacked off and started allowing
>> more questionable sites through or perhaps because they determined
>> that the 50% protection rate included significant false-positives?
>
> That's entirely unclear to me as well.
>
>> Also, in another thread you mentioned that Firefox uses Google's
>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>> Firefox have a similar protection rate as Google. Or (which is likely
>> the case), am I conflating two different things ;)
>
> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
> list, as I understand it.  Google certainly hosts the list Firefox
> uses, though it's possible some folks outside of Google  contribute to
> it.
>
> Google has new approaches to Safe Browsing, without publicly documented
> APIs.  The concern is that Google may be neglecting the Safe Browsing
> used by Firefox and Safari because Google has cool new stuff it's not
> sharing.  But the first comment to that blog post indicates that Google
> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
> it yet.  Then again, the blog post was written by one of the Mozilla
> people working on Safe Browsing, and he didn't know about the offer
> until he got that comment.
>
> That's not a great summary, but it's the best I can do right now.
>
I understand, thanks.

--
Sailfish - Netscape Champion
Mozilla Contributor Member - www.mozilla.org/credits/
Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
Rare Mozilla Stuff: https://www.projectit.com/
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

JohnQPublic
"Sailfish" <[hidden email]> wrote in message
news:[hidden email]...

> My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54
> PM:
>> On Fri, 06 Apr 2012 16:28:11 -0700
>> Sailfish <[hidden email]> wrote:
>>
>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>> 4:06 PM:
>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>> project/product -- the name's just a coincidence.
>>>>
>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>> Excerpt of press release:
>>>>
>>>>   Over the past several years, NSS Labs has conducted ongoing
>>>> research into the protection capabilities of Chrome, Firefox,
>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>> what appears to be a significant change when compared with
>>>> historical results. Chrome's protection rate steadily climbed to
>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>> dropped (December 22nd).
>>>>
>>>> Entire report, with charts and incendiary title:
>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>
>>>> A bit more perspective from in the last section of this blog
>>>> entry, and in the first comment:
>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>
>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>> went from 50% to 20% because they've slacked off and started allowing
>>> more questionable sites through or perhaps because they determined
>>> that the 50% protection rate included significant false-positives?
>>
>> That's entirely unclear to me as well.
>>
>>> Also, in another thread you mentioned that Firefox uses Google's
>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>> Firefox have a similar protection rate as Google. Or (which is likely
>>> the case), am I conflating two different things ;)
>>
>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>> list, as I understand it.  Google certainly hosts the list Firefox
>> uses, though it's possible some folks outside of Google  contribute to
>> it.
>>
>> Google has new approaches to Safe Browsing, without publicly documented
>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>> used by Firefox and Safari because Google has cool new stuff it's not
>> sharing.  But the first comment to that blog post indicates that Google
>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>> it yet.  Then again, the blog post was written by one of the Mozilla
>> people working on Safe Browsing, and he didn't know about the offer
>> until he got that comment.
>>
>> That's not a great summary, but it's the best I can do right now.
>>
> I understand, thanks.
I would be very interested in any more specific details about exactly how
Firefox obtains the Google API (presumably downloads a file in the
background?, on a schedule?, filename?). Also what Firefox settings,
about:config, userChrome.css, or other tweaks can affect/enable/disable it?
Thanks!
--
JQP




_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Bill Braun-3
On 4/7/2012 8:42 PM, JohnQPublic wrote:

> "Sailfish"<[hidden email]>  wrote in message
> news:[hidden email]...
>> My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54
>> PM:
>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>> Sailfish<[hidden email]>  wrote:
>>>
>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>> 4:06 PM:
>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>> project/product -- the name's just a coincidence.
>>>>>
>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>> Excerpt of press release:
>>>>>
>>>>>    Over the past several years, NSS Labs has conducted ongoing
>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>> what appears to be a significant change when compared with
>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>> dropped (December 22nd).
>>>>>
>>>>> Entire report, with charts and incendiary title:
>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>
>>>>> A bit more perspective from in the last section of this blog
>>>>> entry, and in the first comment:
>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>
>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>> went from 50% to 20% because they've slacked off and started allowing
>>>> more questionable sites through or perhaps because they determined
>>>> that the 50% protection rate included significant false-positives?
>>>
>>> That's entirely unclear to me as well.
>>>
>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>> the case), am I conflating two different things ;)
>>>
>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>> list, as I understand it.  Google certainly hosts the list Firefox
>>> uses, though it's possible some folks outside of Google  contribute to
>>> it.
>>>
>>> Google has new approaches to Safe Browsing, without publicly documented
>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>> used by Firefox and Safari because Google has cool new stuff it's not
>>> sharing.  But the first comment to that blog post indicates that Google
>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>> people working on Safe Browsing, and he didn't know about the offer
>>> until he got that comment.
>>>
>>> That's not a great summary, but it's the best I can do right now.
>>>
>> I understand, thanks.
>
> I would be very interested in any more specific details about exactly how
> Firefox obtains the Google API (presumably downloads a file in the
> background?, on a schedule?, filename?). Also what Firefox settings,
> about:config, userChrome.css, or other tweaks can affect/enable/disable it?
> Thanks!

Firefox obtained it the same way you would.

http://code.google.com/more/

Someone else will have to respond to the ability to enable/disable/remove.

Why would you want to remove code that increases safety?

If you are unfamiliar with APIs, they are basically instructions on how
to get data or information from a web site, or post data or information
to a web site. This article may help.

http://en.wikipedia.org/wiki/Application_programming_interface





_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Ron Hunter
On 4/9/2012 8:38 AM, Bill Braun wrote:

> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>> "Sailfish"<[hidden email]> wrote in
>> message
>> news:[hidden email]...
>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54
>>> PM:
>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>> Sailfish<[hidden email]> wrote:
>>>>
>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>> 4:06 PM:
>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>> project/product -- the name's just a coincidence.
>>>>>>
>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>> Excerpt of press release:
>>>>>>
>>>>>> Over the past several years, NSS Labs has conducted ongoing
>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>> what appears to be a significant change when compared with
>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>> just over 50% before suddenly falling back to 20%. Over the same
>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>> dropped (December 22nd).
>>>>>>
>>>>>> Entire report, with charts and incendiary title:
>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>
>>>>>>
>>>>>> A bit more perspective from in the last section of this blog
>>>>>> entry, and in the first comment:
>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>
>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>> more questionable sites through or perhaps because they determined
>>>>> that the 50% protection rate included significant false-positives?
>>>>
>>>> That's entirely unclear to me as well.
>>>>
>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>> the case), am I conflating two different things ;)
>>>>
>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>> list, as I understand it. Google certainly hosts the list Firefox
>>>> uses, though it's possible some folks outside of Google contribute to
>>>> it.
>>>>
>>>> Google has new approaches to Safe Browsing, without publicly documented
>>>> APIs. The concern is that Google may be neglecting the Safe Browsing
>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>> sharing. But the first comment to that blog post indicates that Google
>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>> it yet. Then again, the blog post was written by one of the Mozilla
>>>> people working on Safe Browsing, and he didn't know about the offer
>>>> until he got that comment.
>>>>
>>>> That's not a great summary, but it's the best I can do right now.
>>>>
>>> I understand, thanks.
>>
>> I would be very interested in any more specific details about exactly how
>> Firefox obtains the Google API (presumably downloads a file in the
>> background?, on a schedule?, filename?). Also what Firefox settings,
>> about:config, userChrome.css, or other tweaks can
>> affect/enable/disable it?
>> Thanks!
>
> Firefox obtained it the same way you would.
>
> http://code.google.com/more/
>
> Someone else will have to respond to the ability to enable/disable/remove.
>
> Why would you want to remove code that increases safety?
>
> If you are unfamiliar with APIs, they are basically instructions on how
> to get data or information from a web site, or post data or information
> to a web site. This article may help.
>
> http://en.wikipedia.org/wiki/Application_programming_interface
>
>
>
>
>
As far as I can tell, JQP just wants to be on a level with IE6 and OE6,
in which he gets to worry about his own security, totally.  So, why
doesn't he just USE THEM?  I suppose he sleeps with the doors unlocked,
and windows open, and drives around with no seatbelt too.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

JohnQPublic
In reply to this post by Bill Braun-3
"Bill Braun" <[hidden email]> wrote in message
news:[hidden email]...
On 4/7/2012 8:42 PM, JohnQPublic wrote:

> "Sailfish"<[hidden email]>  wrote in
> message
> news:[hidden email]...
>> My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54
>> PM:
>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>> Sailfish<[hidden email]>  wrote:
>>>
>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>> 4:06 PM:
>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>> project/product -- the name's just a coincidence.
>>>>>
>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>> Excerpt of press release:
>>>>>
>>>>>    Over the past several years, NSS Labs has conducted ongoing
>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>> what appears to be a significant change when compared with
>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>> dropped (December 22nd).
>>>>>
>>>>> Entire report, with charts and incendiary title:
>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>
>>>>> A bit more perspective from in the last section of this blog
>>>>> entry, and in the first comment:
>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>
>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>> went from 50% to 20% because they've slacked off and started allowing
>>>> more questionable sites through or perhaps because they determined
>>>> that the 50% protection rate included significant false-positives?
>>>
>>> That's entirely unclear to me as well.
>>>
>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>> the case), am I conflating two different things ;)
>>>
>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>> list, as I understand it.  Google certainly hosts the list Firefox
>>> uses, though it's possible some folks outside of Google  contribute to
>>> it.
>>>
>>> Google has new approaches to Safe Browsing, without publicly documented
>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>> used by Firefox and Safari because Google has cool new stuff it's not
>>> sharing.  But the first comment to that blog post indicates that Google
>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>> people working on Safe Browsing, and he didn't know about the offer
>>> until he got that comment.
>>>
>>> That's not a great summary, but it's the best I can do right now.
>>>
>> I understand, thanks.
>
> I would be very interested in any more specific details about exactly how
> Firefox obtains the Google API (presumably downloads a file in the
> background?, on a schedule?, filename?). Also what Firefox settings,
> about:config, userChrome.css, or other tweaks can affect/enable/disable
> it?
> Thanks!
Firefox obtained it the same way you would.

http://code.google.com/more/

Someone else will have to respond to the ability to enable/disable/remove.

Why would you want to remove code that increases safety?

If you are unfamiliar with APIs, they are basically instructions on how
to get data or information from a web site, or post data or information
to a web site. This article may help.

http://en.wikipedia.org/wiki/Application_programming_interface

===============

Thanks for the info. That gives me a general idea. As for why I would want
to remove code that increases safety, I disagree with that premise. I
seriously doubt that anything associated with google increases safety,
privacy, or security. "Security" is used as a false excuse for putting
adware, spyware, and malware on computers these days. Anything that is done
without user's prior knowledge and approval, including this apparent secret
download by Firefox in the "background"(?), falls into that category.
They're pulling the wool over a lot of eyes, and it's time to expose their
true nature!!
--
JQP



_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Bill Braun-3
On 4/9/2012 2:26 PM, JohnQPublic wrote:

> "Bill Braun"<[hidden email]>  wrote in message
> news:[hidden email]...
> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>> "Sailfish"<[hidden email]>   wrote in
>> message
>> news:[hidden email]...
>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54
>>> PM:
>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>> Sailfish<[hidden email]>   wrote:
>>>>
>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>> 4:06 PM:
>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>> project/product -- the name's just a coincidence.
>>>>>>
>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>> Excerpt of press release:
>>>>>>
>>>>>>     Over the past several years, NSS Labs has conducted ongoing
>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>> what appears to be a significant change when compared with
>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>> dropped (December 22nd).
>>>>>>
>>>>>> Entire report, with charts and incendiary title:
>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>
>>>>>> A bit more perspective from in the last section of this blog
>>>>>> entry, and in the first comment:
>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>
>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>> more questionable sites through or perhaps because they determined
>>>>> that the 50% protection rate included significant false-positives?
>>>>
>>>> That's entirely unclear to me as well.
>>>>
>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>> the case), am I conflating two different things ;)
>>>>
>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>> uses, though it's possible some folks outside of Google  contribute to
>>>> it.
>>>>
>>>> Google has new approaches to Safe Browsing, without publicly documented
>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>> sharing.  But the first comment to that blog post indicates that Google
>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>> people working on Safe Browsing, and he didn't know about the offer
>>>> until he got that comment.
>>>>
>>>> That's not a great summary, but it's the best I can do right now.
>>>>
>>> I understand, thanks.
>>
>> I would be very interested in any more specific details about exactly how
>> Firefox obtains the Google API (presumably downloads a file in the
>> background?, on a schedule?, filename?). Also what Firefox settings,
>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>> it?
>> Thanks!
>
> Firefox obtained it the same way you would.
>
> http://code.google.com/more/
>
> Someone else will have to respond to the ability to enable/disable/remove.
>
> Why would you want to remove code that increases safety?
>
> If you are unfamiliar with APIs, they are basically instructions on how
> to get data or information from a web site, or post data or information
> to a web site. This article may help.
>
> http://en.wikipedia.org/wiki/Application_programming_interface
>
> ===============
>
> Thanks for the info. That gives me a general idea. As for why I would want
> to remove code that increases safety, I disagree with that premise. I
> seriously doubt that anything associated with google increases safety,
> privacy, or security. "Security" is used as a false excuse for putting
> adware, spyware, and malware on computers these days. Anything that is done
> without user's prior knowledge and approval, including this apparent secret
> download by Firefox in the "background"(?), falls into that category.
> They're pulling the wool over a lot of eyes, and it's time to expose their
> true nature!!

Have you ever done any programming or scripting for web sites?


_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Bill Braun-3
In reply to this post by Ron Hunter
On 4/9/2012 2:23 PM, Ron Hunter wrote:

> On 4/9/2012 8:38 AM, Bill Braun wrote:
>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>> "Sailfish"<[hidden email]> wrote in
>>> message
>>> news:[hidden email]...
>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>> 4:54
>>>> PM:
>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>> Sailfish<[hidden email]> wrote:
>>>>>
>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>> 4:06 PM:
>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>
>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>> Excerpt of press release:
>>>>>>>
>>>>>>> Over the past several years, NSS Labs has conducted ongoing
>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>> what appears to be a significant change when compared with
>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>> just over 50% before suddenly falling back to 20%. Over the same
>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>> dropped (December 22nd).
>>>>>>>
>>>>>>> Entire report, with charts and incendiary title:
>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>> entry, and in the first comment:
>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>
>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>>> more questionable sites through or perhaps because they determined
>>>>>> that the 50% protection rate included significant false-positives?
>>>>>
>>>>> That's entirely unclear to me as well.
>>>>>
>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>>> the case), am I conflating two different things ;)
>>>>>
>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>> list, as I understand it. Google certainly hosts the list Firefox
>>>>> uses, though it's possible some folks outside of Google contribute to
>>>>> it.
>>>>>
>>>>> Google has new approaches to Safe Browsing, without publicly
>>>>> documented
>>>>> APIs. The concern is that Google may be neglecting the Safe Browsing
>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>> sharing. But the first comment to that blog post indicates that Google
>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>>> it yet. Then again, the blog post was written by one of the Mozilla
>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>> until he got that comment.
>>>>>
>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>
>>>> I understand, thanks.
>>>
>>> I would be very interested in any more specific details about exactly
>>> how
>>> Firefox obtains the Google API (presumably downloads a file in the
>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>> about:config, userChrome.css, or other tweaks can
>>> affect/enable/disable it?
>>> Thanks!
>>
>> Firefox obtained it the same way you would.
>>
>> http://code.google.com/more/
>>
>> Someone else will have to respond to the ability to
>> enable/disable/remove.
>>
>> Why would you want to remove code that increases safety?
>>
>> If you are unfamiliar with APIs, they are basically instructions on how
>> to get data or information from a web site, or post data or information
>> to a web site. This article may help.
>>
>> http://en.wikipedia.org/wiki/Application_programming_interface
>>
>>
>>
>>
>>
> As far as I can tell, JQP just wants to be on a level with IE6 and OE6,
> in which he gets to worry about his own security, totally. So, why
> doesn't he just USE THEM? I suppose he sleeps with the doors unlocked,
> and windows open, and drives around with no seatbelt too.
>

I suspect he wants to know what's going on under the hood (fair enough,
not a bad idea in principle) but commonly concludes that anything he
doesn't know about or understand is nefarious.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

JohnQPublic
In reply to this post by Bill Braun-3
"Bill Braun" <[hidden email]> wrote in message
news:[hidden email]...
On 4/9/2012 2:26 PM, JohnQPublic wrote:

> "Bill Braun"<[hidden email]>  wrote in message
> news:[hidden email]...
> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>> "Sailfish"<[hidden email]>   wrote in
>> message
>> news:[hidden email]...
>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54
>>> PM:
>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>> Sailfish<[hidden email]>   wrote:
>>>>
>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>> 4:06 PM:
>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>> project/product -- the name's just a coincidence.
>>>>>>
>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>> Excerpt of press release:
>>>>>>
>>>>>>     Over the past several years, NSS Labs has conducted ongoing
>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>> what appears to be a significant change when compared with
>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>> dropped (December 22nd).
>>>>>>
>>>>>> Entire report, with charts and incendiary title:
>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>
>>>>>> A bit more perspective from in the last section of this blog
>>>>>> entry, and in the first comment:
>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>
>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>> more questionable sites through or perhaps because they determined
>>>>> that the 50% protection rate included significant false-positives?
>>>>
>>>> That's entirely unclear to me as well.
>>>>
>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>> the case), am I conflating two different things ;)
>>>>
>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>> uses, though it's possible some folks outside of Google  contribute to
>>>> it.
>>>>
>>>> Google has new approaches to Safe Browsing, without publicly documented
>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>> sharing.  But the first comment to that blog post indicates that Google
>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>> people working on Safe Browsing, and he didn't know about the offer
>>>> until he got that comment.
>>>>
>>>> That's not a great summary, but it's the best I can do right now.
>>>>
>>> I understand, thanks.
>>
>> I would be very interested in any more specific details about exactly how
>> Firefox obtains the Google API (presumably downloads a file in the
>> background?, on a schedule?, filename?). Also what Firefox settings,
>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>> it?
>> Thanks!
>
> Firefox obtained it the same way you would.
>
> http://code.google.com/more/
>
> Someone else will have to respond to the ability to enable/disable/remove.
>
> Why would you want to remove code that increases safety?
>
> If you are unfamiliar with APIs, they are basically instructions on how
> to get data or information from a web site, or post data or information
> to a web site. This article may help.
>
> http://en.wikipedia.org/wiki/Application_programming_interface
>
> ===============
>
> Thanks for the info. That gives me a general idea. As for why I would want
> to remove code that increases safety, I disagree with that premise. I
> seriously doubt that anything associated with google increases safety,
> privacy, or security. "Security" is used as a false excuse for putting
> adware, spyware, and malware on computers these days. Anything that is
> done
> without user's prior knowledge and approval, including this apparent
> secret
> download by Firefox in the "background"(?), falls into that category.
> They're pulling the wool over a lot of eyes, and it's time to expose their
> true nature!!
Have you ever done any programming or scripting for web sites?

============

I have a website... What I don't know I can learn. So lay it on me, if you
know the answers...
--
JQP



_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Ron Hunter
In reply to this post by Bill Braun-3
On 4/9/2012 3:21 PM, Bill Braun wrote:

> On 4/9/2012 2:23 PM, Ron Hunter wrote:
>> On 4/9/2012 8:38 AM, Bill Braun wrote:
>>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>>> "Sailfish"<[hidden email]> wrote in
>>>> message
>>>> news:[hidden email]...
>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>> 4:54
>>>>> PM:
>>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>>> Sailfish<[hidden email]> wrote:
>>>>>>
>>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>>> 4:06 PM:
>>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>>
>>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>>> Excerpt of press release:
>>>>>>>>
>>>>>>>> Over the past several years, NSS Labs has conducted ongoing
>>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>>> what appears to be a significant change when compared with
>>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>>> just over 50% before suddenly falling back to 20%. Over the same
>>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>>> dropped (December 22nd).
>>>>>>>>
>>>>>>>> Entire report, with charts and incendiary title:
>>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>>> entry, and in the first comment:
>>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>>
>>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>>> went from 50% to 20% because they've slacked off and started
>>>>>>> allowing
>>>>>>> more questionable sites through or perhaps because they determined
>>>>>>> that the 50% protection rate included significant false-positives?
>>>>>>
>>>>>> That's entirely unclear to me as well.
>>>>>>
>>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>>> "Safe Browsing" API. Is that related to this and, if so, why
>>>>>>> wouldn't
>>>>>>> Firefox have a similar protection rate as Google. Or (which is
>>>>>>> likely
>>>>>>> the case), am I conflating two different things ;)
>>>>>>
>>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>>> list, as I understand it. Google certainly hosts the list Firefox
>>>>>> uses, though it's possible some folks outside of Google contribute to
>>>>>> it.
>>>>>>
>>>>>> Google has new approaches to Safe Browsing, without publicly
>>>>>> documented
>>>>>> APIs. The concern is that Google may be neglecting the Safe Browsing
>>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>>> sharing. But the first comment to that blog post indicates that
>>>>>> Google
>>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to
>>>>>> use
>>>>>> it yet. Then again, the blog post was written by one of the Mozilla
>>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>>> until he got that comment.
>>>>>>
>>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>>
>>>>> I understand, thanks.
>>>>
>>>> I would be very interested in any more specific details about exactly
>>>> how
>>>> Firefox obtains the Google API (presumably downloads a file in the
>>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>>> about:config, userChrome.css, or other tweaks can
>>>> affect/enable/disable it?
>>>> Thanks!
>>>
>>> Firefox obtained it the same way you would.
>>>
>>> http://code.google.com/more/
>>>
>>> Someone else will have to respond to the ability to
>>> enable/disable/remove.
>>>
>>> Why would you want to remove code that increases safety?
>>>
>>> If you are unfamiliar with APIs, they are basically instructions on how
>>> to get data or information from a web site, or post data or information
>>> to a web site. This article may help.
>>>
>>> http://en.wikipedia.org/wiki/Application_programming_interface
>>>
>>>
>>>
>>>
>>>
>> As far as I can tell, JQP just wants to be on a level with IE6 and OE6,
>> in which he gets to worry about his own security, totally. So, why
>> doesn't he just USE THEM? I suppose he sleeps with the doors unlocked,
>> and windows open, and drives around with no seatbelt too.
>>
>
> I suspect he wants to know what's going on under the hood (fair enough,
> not a bad idea in principle) but commonly concludes that anything he
> doesn't know about or understand is nefarious.
>
If he wants to know, he can download the entire source for Firefox from
Mozilla.  He can make changes, and compile his own version, if he
wishes.  Frankly, I WANT these features.  Now I could live without tabs
on top, and the tab manager, but they cause me no grief being there.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Bill Braun-3
In reply to this post by JohnQPublic
On 4/9/2012 4:26 PM, JohnQPublic wrote:

> "Bill Braun"<[hidden email]>  wrote in message
> news:[hidden email]...
> On 4/9/2012 2:26 PM, JohnQPublic wrote:
>> "Bill Braun"<[hidden email]>   wrote in message
>> news:[hidden email]...
>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>> "Sailfish"<[hidden email]>    wrote in
>>> message
>>> news:[hidden email]...
>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012 4:54
>>>> PM:
>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>> Sailfish<[hidden email]>    wrote:
>>>>>
>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>> 4:06 PM:
>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>
>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>> Excerpt of press release:
>>>>>>>
>>>>>>>      Over the past several years, NSS Labs has conducted ongoing
>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>> what appears to be a significant change when compared with
>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>> dropped (December 22nd).
>>>>>>>
>>>>>>> Entire report, with charts and incendiary title:
>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>
>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>> entry, and in the first comment:
>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>
>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>>> more questionable sites through or perhaps because they determined
>>>>>> that the 50% protection rate included significant false-positives?
>>>>>
>>>>> That's entirely unclear to me as well.
>>>>>
>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>>> the case), am I conflating two different things ;)
>>>>>
>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>>> uses, though it's possible some folks outside of Google  contribute to
>>>>> it.
>>>>>
>>>>> Google has new approaches to Safe Browsing, without publicly documented
>>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>> sharing.  But the first comment to that blog post indicates that Google
>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>> until he got that comment.
>>>>>
>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>
>>>> I understand, thanks.
>>>
>>> I would be very interested in any more specific details about exactly how
>>> Firefox obtains the Google API (presumably downloads a file in the
>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>>> it?
>>> Thanks!
>>
>> Firefox obtained it the same way you would.
>>
>> http://code.google.com/more/
>>
>> Someone else will have to respond to the ability to enable/disable/remove.
>>
>> Why would you want to remove code that increases safety?
>>
>> If you are unfamiliar with APIs, they are basically instructions on how
>> to get data or information from a web site, or post data or information
>> to a web site. This article may help.
>>
>> http://en.wikipedia.org/wiki/Application_programming_interface
>>
>> ===============
>>
>> Thanks for the info. That gives me a general idea. As for why I would want
>> to remove code that increases safety, I disagree with that premise. I
>> seriously doubt that anything associated with google increases safety,
>> privacy, or security. "Security" is used as a false excuse for putting
>> adware, spyware, and malware on computers these days. Anything that is
>> done
>> without user's prior knowledge and approval, including this apparent
>> secret
>> download by Firefox in the "background"(?), falls into that category.
>> They're pulling the wool over a lot of eyes, and it's time to expose their
>> true nature!!
>
> Have you ever done any programming or scripting for web sites?
>
> ============
>
> I have a website... What I don't know I can learn. So lay it on me, if you
> know the answers...

No, I don't think I know the answers you seek. I was asking in the
context of wondering about your general knowledge of how browsers pass
information around, and the limits of what you consider acceptable
browser behavior.

For example, on my website I use session data to identify you (as a
Session ID) and  "follow you around" so when you return to the page that
lists all your subscriptions, it serves up yours and not someone else's
(or none at all). I also use APIs to give you a seamless switch when you
move from my website to the website that hosts some of the games I
design. The APIs log you in and take you directly to the game you
subscribe to (which you requested at my website).

Would you consider those nefarious because I did not explicitly tell you
the browser is doing those things?

I think you'd be stunned at the number of APIs in use on websites.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

JohnQPublic
"Bill Braun" <[hidden email]> wrote in message
news:[hidden email]...
On 4/9/2012 4:26 PM, JohnQPublic wrote:

> "Bill Braun"<[hidden email]>  wrote in message
> news:[hidden email]...
> On 4/9/2012 2:26 PM, JohnQPublic wrote:
>> "Bill Braun"<[hidden email]>   wrote in message
>> news:[hidden email]...
>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>> "Sailfish"<[hidden email]>    wrote in
>>> message
>>> news:[hidden email]...
>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>> 4:54
>>>> PM:
>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>> Sailfish<[hidden email]>    wrote:
>>>>>
>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>> 4:06 PM:
>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>
>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>> Excerpt of press release:
>>>>>>>
>>>>>>>      Over the past several years, NSS Labs has conducted ongoing
>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>> what appears to be a significant change when compared with
>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>> dropped (December 22nd).
>>>>>>>
>>>>>>> Entire report, with charts and incendiary title:
>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>
>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>> entry, and in the first comment:
>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>
>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>>> more questionable sites through or perhaps because they determined
>>>>>> that the 50% protection rate included significant false-positives?
>>>>>
>>>>> That's entirely unclear to me as well.
>>>>>
>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>>> the case), am I conflating two different things ;)
>>>>>
>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>>> uses, though it's possible some folks outside of Google  contribute to
>>>>> it.
>>>>>
>>>>> Google has new approaches to Safe Browsing, without publicly
>>>>> documented
>>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>> sharing.  But the first comment to that blog post indicates that
>>>>> Google
>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>> until he got that comment.
>>>>>
>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>
>>>> I understand, thanks.
>>>
>>> I would be very interested in any more specific details about exactly
>>> how
>>> Firefox obtains the Google API (presumably downloads a file in the
>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>>> it?
>>> Thanks!
>>
>> Firefox obtained it the same way you would.
>>
>> http://code.google.com/more/
>>
>> Someone else will have to respond to the ability to
>> enable/disable/remove.
>>
>> Why would you want to remove code that increases safety?
>>
>> If you are unfamiliar with APIs, they are basically instructions on how
>> to get data or information from a web site, or post data or information
>> to a web site. This article may help.
>>
>> http://en.wikipedia.org/wiki/Application_programming_interface
>>
>> ===============
>>
>> Thanks for the info. That gives me a general idea. As for why I would
>> want
>> to remove code that increases safety, I disagree with that premise. I
>> seriously doubt that anything associated with google increases safety,
>> privacy, or security. "Security" is used as a false excuse for putting
>> adware, spyware, and malware on computers these days. Anything that is
>> done
>> without user's prior knowledge and approval, including this apparent
>> secret
>> download by Firefox in the "background"(?), falls into that category.
>> They're pulling the wool over a lot of eyes, and it's time to expose
>> their
>> true nature!!
>
> Have you ever done any programming or scripting for web sites?
>
> ============
>
> I have a website... What I don't know I can learn. So lay it on me, if you
> know the answers...
No, I don't think I know the answers you seek. I was asking in the
context of wondering about your general knowledge of how browsers pass
information around, and the limits of what you consider acceptable
browser behavior.

For example, on my website I use session data to identify you (as a
Session ID) and  "follow you around" so when you return to the page that
lists all your subscriptions, it serves up yours and not someone else's
(or none at all). I also use APIs to give you a seamless switch when you
move from my website to the website that hosts some of the games I
design. The APIs log you in and take you directly to the game you
subscribe to (which you requested at my website).

Would you consider those nefarious because I did not explicitly tell you
the browser is doing those things?

I think you'd be stunned at the number of APIs in use on websites.

==========

Nefarious is your word, not mine. Basically everything which a browser
downloads and accesses should be disclosed and the user given an option to
opt in/out. This particularly applies to "updates" and the items I've been
discussing such as blocklist downloads and the google API downloads
(presumably?) which happen via a background (hidden from user) process. In
lieu of that, the browser has a suspicious design similar to adware,
spyware, and malware -- and needs thorough investigation. Nothing on the
internet is safe per se, or can be taken for granted, it must be proven so.
It seems that the Mozilla gestapo thinks they can sneak some such things
past their unsuspecting trusting users, but not while I'm around...
--
JQP



_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Bill Braun-3
On 4/9/2012 5:30 PM, JohnQPublic wrote:

> "Bill Braun"<[hidden email]>  wrote in message
> news:[hidden email]...
> On 4/9/2012 4:26 PM, JohnQPublic wrote:
>> "Bill Braun"<[hidden email]>   wrote in message
>> news:[hidden email]...
>> On 4/9/2012 2:26 PM, JohnQPublic wrote:
>>> "Bill Braun"<[hidden email]>    wrote in message
>>> news:[hidden email]...
>>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>>> "Sailfish"<[hidden email]>     wrote in
>>>> message
>>>> news:[hidden email]...
>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>> 4:54
>>>>> PM:
>>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>>> Sailfish<[hidden email]>     wrote:
>>>>>>
>>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>>> 4:06 PM:
>>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>>
>>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>>> Excerpt of press release:
>>>>>>>>
>>>>>>>>       Over the past several years, NSS Labs has conducted ongoing
>>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>>> what appears to be a significant change when compared with
>>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>>> dropped (December 22nd).
>>>>>>>>
>>>>>>>> Entire report, with charts and incendiary title:
>>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>>
>>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>>> entry, and in the first comment:
>>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>>
>>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>>>> more questionable sites through or perhaps because they determined
>>>>>>> that the 50% protection rate included significant false-positives?
>>>>>>
>>>>>> That's entirely unclear to me as well.
>>>>>>
>>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>>>> the case), am I conflating two different things ;)
>>>>>>
>>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>>>> uses, though it's possible some folks outside of Google  contribute to
>>>>>> it.
>>>>>>
>>>>>> Google has new approaches to Safe Browsing, without publicly
>>>>>> documented
>>>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>>> sharing.  But the first comment to that blog post indicates that
>>>>>> Google
>>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>>> until he got that comment.
>>>>>>
>>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>>
>>>>> I understand, thanks.
>>>>
>>>> I would be very interested in any more specific details about exactly
>>>> how
>>>> Firefox obtains the Google API (presumably downloads a file in the
>>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>>>> it?
>>>> Thanks!
>>>
>>> Firefox obtained it the same way you would.
>>>
>>> http://code.google.com/more/
>>>
>>> Someone else will have to respond to the ability to
>>> enable/disable/remove.
>>>
>>> Why would you want to remove code that increases safety?
>>>
>>> If you are unfamiliar with APIs, they are basically instructions on how
>>> to get data or information from a web site, or post data or information
>>> to a web site. This article may help.
>>>
>>> http://en.wikipedia.org/wiki/Application_programming_interface
>>>
>>> ===============
>>>
>>> Thanks for the info. That gives me a general idea. As for why I would
>>> want
>>> to remove code that increases safety, I disagree with that premise. I
>>> seriously doubt that anything associated with google increases safety,
>>> privacy, or security. "Security" is used as a false excuse for putting
>>> adware, spyware, and malware on computers these days. Anything that is
>>> done
>>> without user's prior knowledge and approval, including this apparent
>>> secret
>>> download by Firefox in the "background"(?), falls into that category.
>>> They're pulling the wool over a lot of eyes, and it's time to expose
>>> their
>>> true nature!!
>>
>> Have you ever done any programming or scripting for web sites?
>>
>> ============
>>
>> I have a website... What I don't know I can learn. So lay it on me, if you
>> know the answers...
>
> No, I don't think I know the answers you seek. I was asking in the
> context of wondering about your general knowledge of how browsers pass
> information around, and the limits of what you consider acceptable
> browser behavior.
>
> For example, on my website I use session data to identify you (as a
> Session ID) and  "follow you around" so when you return to the page that
> lists all your subscriptions, it serves up yours and not someone else's
> (or none at all). I also use APIs to give you a seamless switch when you
> move from my website to the website that hosts some of the games I
> design. The APIs log you in and take you directly to the game you
> subscribe to (which you requested at my website).
>
> Would you consider those nefarious because I did not explicitly tell you
> the browser is doing those things?
>
> I think you'd be stunned at the number of APIs in use on websites.
>
> ==========
>
> Nefarious is your word, not mine. Basically everything which a browser
> downloads and accesses should be disclosed and the user given an option to
> opt in/out. This particularly applies to "updates" and the items I've been
> discussing such as blocklist downloads and the google API downloads
> (presumably?) which happen via a background (hidden from user) process. In
> lieu of that, the browser has a suspicious design similar to adware,
> spyware, and malware -- and needs thorough investigation. Nothing on the
> internet is safe per se, or can be taken for granted, it must be proven so.
> It seems that the Mozilla gestapo thinks they can sneak some such things
> past their unsuspecting trusting users, but not while I'm around...

APIs and "hidden from users" are practically synonyms. That's the whole
point of APIs, completing tasks through code rather than having the user
laboriously do it manually piece by piece.

I too grow weary of your language. Goodbye for now.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

RAV-2
In reply to this post by JohnQPublic
On 4/9/2012 5:30 PM, JohnQPublic wrote:

> "Bill Braun"<[hidden email]>  wrote in message
> news:[hidden email]...
> On 4/9/2012 4:26 PM, JohnQPublic wrote:
>> "Bill Braun"<[hidden email]>   wrote in message
>> news:[hidden email]...
>> On 4/9/2012 2:26 PM, JohnQPublic wrote:
>>> "Bill Braun"<[hidden email]>    wrote in message
>>> news:[hidden email]...
>>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>>> "Sailfish"<[hidden email]>     wrote in
>>>> message
>>>> news:[hidden email]...
>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>> 4:54
>>>>> PM:
>>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>>> Sailfish<[hidden email]>     wrote:
>>>>>>
>>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>>> 4:06 PM:
>>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>>
>>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>>> Excerpt of press release:
>>>>>>>>
>>>>>>>>       Over the past several years, NSS Labs has conducted ongoing
>>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>>> what appears to be a significant change when compared with
>>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>>> dropped (December 22nd).
>>>>>>>>
>>>>>>>> Entire report, with charts and incendiary title:
>>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>>
>>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>>> entry, and in the first comment:
>>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>>
>>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>>> went from 50% to 20% because they've slacked off and started allowing
>>>>>>> more questionable sites through or perhaps because they determined
>>>>>>> that the 50% protection rate included significant false-positives?
>>>>>>
>>>>>> That's entirely unclear to me as well.
>>>>>>
>>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>>> "Safe Browsing" API. Is that related to this and, if so, why wouldn't
>>>>>>> Firefox have a similar protection rate as Google. Or (which is likely
>>>>>>> the case), am I conflating two different things ;)
>>>>>>
>>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>>>> uses, though it's possible some folks outside of Google  contribute to
>>>>>> it.
>>>>>>
>>>>>> Google has new approaches to Safe Browsing, without publicly
>>>>>> documented
>>>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>>> sharing.  But the first comment to that blog post indicates that
>>>>>> Google
>>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to use
>>>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>>> until he got that comment.
>>>>>>
>>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>>
>>>>> I understand, thanks.
>>>>
>>>> I would be very interested in any more specific details about exactly
>>>> how
>>>> Firefox obtains the Google API (presumably downloads a file in the
>>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>>>> it?
>>>> Thanks!
>>>
>>> Firefox obtained it the same way you would.
>>>
>>> http://code.google.com/more/
>>>
>>> Someone else will have to respond to the ability to
>>> enable/disable/remove.
>>>
>>> Why would you want to remove code that increases safety?
>>>
>>> If you are unfamiliar with APIs, they are basically instructions on how
>>> to get data or information from a web site, or post data or information
>>> to a web site. This article may help.
>>>
>>> http://en.wikipedia.org/wiki/Application_programming_interface
>>>
>>> ===============
>>>
>>> Thanks for the info. That gives me a general idea. As for why I would
>>> want
>>> to remove code that increases safety, I disagree with that premise. I
>>> seriously doubt that anything associated with google increases safety,
>>> privacy, or security. "Security" is used as a false excuse for putting
>>> adware, spyware, and malware on computers these days. Anything that is
>>> done
>>> without user's prior knowledge and approval, including this apparent
>>> secret
>>> download by Firefox in the "background"(?), falls into that category.
>>> They're pulling the wool over a lot of eyes, and it's time to expose
>>> their
>>> true nature!!
>>
>> Have you ever done any programming or scripting for web sites?
>>
>> ============
>>
>> I have a website... What I don't know I can learn. So lay it on me, if you
>> know the answers...
>
> No, I don't think I know the answers you seek. I was asking in the
> context of wondering about your general knowledge of how browsers pass
> information around, and the limits of what you consider acceptable
> browser behavior.
>
> For example, on my website I use session data to identify you (as a
> Session ID) and  "follow you around" so when you return to the page that
> lists all your subscriptions, it serves up yours and not someone else's
> (or none at all). I also use APIs to give you a seamless switch when you
> move from my website to the website that hosts some of the games I
> design. The APIs log you in and take you directly to the game you
> subscribe to (which you requested at my website).
>
> Would you consider those nefarious because I did not explicitly tell you
> the browser is doing those things?
>
> I think you'd be stunned at the number of APIs in use on websites.
>
> ==========
>
> Nefarious is your word, not mine. Basically everything which a browser
> downloads and accesses should be disclosed and the user given an option to
> opt in/out. This particularly applies to "updates" and the items I've been
> discussing such as blocklist downloads and the google API downloads
> (presumably?) which happen via a background (hidden from user) process. In
> lieu of that, the browser has a suspicious design similar to adware,
> spyware, and malware -- and needs thorough investigation. Nothing on the
> internet is safe per se, or can be taken for granted, it must be proven so.
> It seems that the Mozilla gestapo thinks they can sneak some such things
> past their unsuspecting trusting users, but not while I'm around...

You are really quite offensive.  You throw around terribly loaded words
like dictatorship and gestapo, and insinuate that people at Mozilla are
in it for the money.  You insult many hard-working (mostly) volunteers,
and completely nullify any integrity your arguments may have had.  Or
perhaps you just enjoy acting the way you do and getting a rise out of
people.  Why anyone here continues to try to help you is beyond me.
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

JohnQPublic
In reply to this post by Bill Braun-3
"Bill Braun" <[hidden email]> wrote in message
news:[hidden email]...
On 4/9/2012 5:30 PM, JohnQPublic wrote:

> "Bill Braun"<[hidden email]>  wrote in message
> news:[hidden email]...
> On 4/9/2012 4:26 PM, JohnQPublic wrote:
>> "Bill Braun"<[hidden email]>   wrote in message
>> news:[hidden email]...
>> On 4/9/2012 2:26 PM, JohnQPublic wrote:
>>> "Bill Braun"<[hidden email]>    wrote in message
>>> news:[hidden email]...
>>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>>> "Sailfish"<[hidden email]>     wrote in
>>>> message
>>>> news:[hidden email]...
>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>> 4:54
>>>>> PM:
>>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>>> Sailfish<[hidden email]>     wrote:
>>>>>>
>>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>>> 4:06 PM:
>>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>>
>>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>>> Excerpt of press release:
>>>>>>>>
>>>>>>>>       Over the past several years, NSS Labs has conducted ongoing
>>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>>> what appears to be a significant change when compared with
>>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>>> dropped (December 22nd).
>>>>>>>>
>>>>>>>> Entire report, with charts and incendiary title:
>>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>>
>>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>>> entry, and in the first comment:
>>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>>
>>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>>> went from 50% to 20% because they've slacked off and started
>>>>>>> allowing
>>>>>>> more questionable sites through or perhaps because they determined
>>>>>>> that the 50% protection rate included significant false-positives?
>>>>>>
>>>>>> That's entirely unclear to me as well.
>>>>>>
>>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>>> "Safe Browsing" API. Is that related to this and, if so, why
>>>>>>> wouldn't
>>>>>>> Firefox have a similar protection rate as Google. Or (which is
>>>>>>> likely
>>>>>>> the case), am I conflating two different things ;)
>>>>>>
>>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>>>> uses, though it's possible some folks outside of Google  contribute
>>>>>> to
>>>>>> it.
>>>>>>
>>>>>> Google has new approaches to Safe Browsing, without publicly
>>>>>> documented
>>>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>>> sharing.  But the first comment to that blog post indicates that
>>>>>> Google
>>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to
>>>>>> use
>>>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>>> until he got that comment.
>>>>>>
>>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>>
>>>>> I understand, thanks.
>>>>
>>>> I would be very interested in any more specific details about exactly
>>>> how
>>>> Firefox obtains the Google API (presumably downloads a file in the
>>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>>>> it?
>>>> Thanks!
>>>
>>> Firefox obtained it the same way you would.
>>>
>>> http://code.google.com/more/
>>>
>>> Someone else will have to respond to the ability to
>>> enable/disable/remove.
>>>
>>> Why would you want to remove code that increases safety?
>>>
>>> If you are unfamiliar with APIs, they are basically instructions on how
>>> to get data or information from a web site, or post data or information
>>> to a web site. This article may help.
>>>
>>> http://en.wikipedia.org/wiki/Application_programming_interface
>>>
>>> ===============
>>>
>>> Thanks for the info. That gives me a general idea. As for why I would
>>> want
>>> to remove code that increases safety, I disagree with that premise. I
>>> seriously doubt that anything associated with google increases safety,
>>> privacy, or security. "Security" is used as a false excuse for putting
>>> adware, spyware, and malware on computers these days. Anything that is
>>> done
>>> without user's prior knowledge and approval, including this apparent
>>> secret
>>> download by Firefox in the "background"(?), falls into that category.
>>> They're pulling the wool over a lot of eyes, and it's time to expose
>>> their
>>> true nature!!
>>
>> Have you ever done any programming or scripting for web sites?
>>
>> ============
>>
>> I have a website... What I don't know I can learn. So lay it on me, if
>> you
>> know the answers...
>
> No, I don't think I know the answers you seek. I was asking in the
> context of wondering about your general knowledge of how browsers pass
> information around, and the limits of what you consider acceptable
> browser behavior.
>
> For example, on my website I use session data to identify you (as a
> Session ID) and  "follow you around" so when you return to the page that
> lists all your subscriptions, it serves up yours and not someone else's
> (or none at all). I also use APIs to give you a seamless switch when you
> move from my website to the website that hosts some of the games I
> design. The APIs log you in and take you directly to the game you
> subscribe to (which you requested at my website).
>
> Would you consider those nefarious because I did not explicitly tell you
> the browser is doing those things?
>
> I think you'd be stunned at the number of APIs in use on websites.
>
> ==========
>
> Nefarious is your word, not mine. Basically everything which a browser
> downloads and accesses should be disclosed and the user given an option to
> opt in/out. This particularly applies to "updates" and the items I've been
> discussing such as blocklist downloads and the google API downloads
> (presumably?) which happen via a background (hidden from user) process. In
> lieu of that, the browser has a suspicious design similar to adware,
> spyware, and malware -- and needs thorough investigation. Nothing on the
> internet is safe per se, or can be taken for granted, it must be proven
> so.
> It seems that the Mozilla gestapo thinks they can sneak some such things
> past their unsuspecting trusting users, but not while I'm around...
APIs and "hidden from users" are practically synonyms. That's the whole
point of APIs, completing tasks through code rather than having the user
laboriously do it manually piece by piece.

I too grow weary of your language. Goodbye for now.

============

Goodbye. I've gained some insight from this exchange. Thanks. It appears
then that "APIs" are suspicious by nature and that whole concept needs
investigation. A proper comparison point might be a simple browser like
Browzar which is presumably devoid of all such subtrefuges. As for which
browsers have them, and which don't, that's the next step... In the meantime
Firefox is under a serious cloud, and I think it likely is indeed spyware by
design.
--
JQP



_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

WaltS-3
In reply to this post by JohnQPublic
On 04/09/2012 05:30 PM, JohnQPublic wrote:

<snip>

>
> Basically everything which a browser downloads and accesses should be disclosed and the user given an option to
> opt in/out.


I can see the level of support going up if that occurred.

Firefox is constantly asking me if I want to... How do I make it stop!

--
Thunderbird Beta | openSUSE 12.1 | KDE 4.7.2
Humans aren't a color of skin, a religion, a sex, a sexual orientation,
or a flag. We are human beings and that is how we need to see and treat
each other. - Justin Sane
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

Sailfish-2
In reply to this post by JohnQPublic
My bloviated meandering follows what JohnQPublic graced us with on
4/9/2012 2:52 PM:

[snip /]

> In the meantime Firefox is under a serious cloud,

As is JohnQPublic for acts of trollism

> and I think it likely is indeed spyware by design.

As is your right. However, until you come forward with even a thin
thread of evidence rather than paranoid rants about spies lurking in
APIs and such, then expect others to take them non-seriously.

--
Sailfish - Netscape Champion
Mozilla Contributor Member - www.mozilla.org/credits/
Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
Rare Mozilla Stuff: https://www.projectit.com/
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Google and "Safe Browsing"

WaltS-3
In reply to this post by JohnQPublic
On 04/09/2012 05:52 PM, JohnQPublic wrote:

> "Bill Braun" <[hidden email]> wrote in message
> news:[hidden email]...
> On 4/9/2012 5:30 PM, JohnQPublic wrote:
>> "Bill Braun"<[hidden email]>  wrote in message
>> news:[hidden email]...
>> On 4/9/2012 4:26 PM, JohnQPublic wrote:
>>> "Bill Braun"<[hidden email]>   wrote in message
>>> news:[hidden email]...
>>> On 4/9/2012 2:26 PM, JohnQPublic wrote:
>>>> "Bill Braun"<[hidden email]>    wrote in message
>>>> news:[hidden email]...
>>>> On 4/7/2012 8:42 PM, JohnQPublic wrote:
>>>>> "Sailfish"<[hidden email]>     wrote in
>>>>> message
>>>>> news:[hidden email]...
>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>> 4:54
>>>>>> PM:
>>>>>>> On Fri, 06 Apr 2012 16:28:11 -0700
>>>>>>> Sailfish<[hidden email]>     wrote:
>>>>>>>
>>>>>>>> My bloviated meandering follows what »Q« graced us with on 4/6/2012
>>>>>>>> 4:06 PM:
>>>>>>>>> Note: NSS Labs doesn't have anything to do with Mozilla's NSS
>>>>>>>>> project/product -- the name's just a coincidence.
>>>>>>>>>
>>>>>>>>> <http://www.nsslabs.com/company/news/press-releases/899.html>
>>>>>>>>> Excerpt of press release:
>>>>>>>>>
>>>>>>>>>       Over the past several years, NSS Labs has conducted ongoing
>>>>>>>>> research into the protection capabilities of Chrome, Firefox,
>>>>>>>>> Internet Explorer, and Safari. The latest round of testing occurred
>>>>>>>>> from November 21, 2011 - January 5, 2012, during which we observed
>>>>>>>>> what appears to be a significant change when compared with
>>>>>>>>> historical results. Chrome's protection rate steadily climbed to
>>>>>>>>> just over 50% before suddenly falling back to 20%.  Over the same
>>>>>>>>> time period (Nov 21, 2011 - December 21, 2011), Firefox and
>>>>>>>>> Safari's block rate remained stuck at 2%, and then inexplicably
>>>>>>>>> jumped to 7% on the same day Chrome's protection precipitously
>>>>>>>>> dropped (December 22nd).
>>>>>>>>>
>>>>>>>>> Entire report, with charts and incendiary title:
>>>>>>>>> <http://www.nsslabs.com/assets/noreg-reports/2012/Did%20Google%20pull%20a%20fast%20one%20on%20Firefox%20and%20Safari%20users_.pdf>
>>>>>>>>>
>>>>>>>>> A bit more perspective from in the last section of this blog
>>>>>>>>> entry, and in the first comment:
>>>>>>>>> <http://www.morbo.org/2012/02/new-safebrowsing-backend.html>
>>>>>>>>>
>>>>>>>> Interesting but I'm unsure what to make of it. Was the reason Chrome
>>>>>>>> went from 50% to 20% because they've slacked off and started
>>>>>>>> allowing
>>>>>>>> more questionable sites through or perhaps because they determined
>>>>>>>> that the 50% protection rate included significant false-positives?
>>>>>>>
>>>>>>> That's entirely unclear to me as well.
>>>>>>>
>>>>>>>> Also, in another thread you mentioned that Firefox uses Google's
>>>>>>>> "Safe Browsing" API. Is that related to this and, if so, why
>>>>>>>> wouldn't
>>>>>>>> Firefox have a similar protection rate as Google. Or (which is
>>>>>>>> likely
>>>>>>>> the case), am I conflating two different things ;)
>>>>>>>
>>>>>>> Firefox uses Google's Safe Browsing API *and* Google's Safe Browsing
>>>>>>> list, as I understand it.  Google certainly hosts the list Firefox
>>>>>>> uses, though it's possible some folks outside of Google  contribute
>>>>>>> to
>>>>>>> it.
>>>>>>>
>>>>>>> Google has new approaches to Safe Browsing, without publicly
>>>>>>> documented
>>>>>>> APIs.  The concern is that Google may be neglecting the Safe Browsing
>>>>>>> used by Firefox and Safari because Google has cool new stuff it's not
>>>>>>> sharing.  But the first comment to that blog post indicates that
>>>>>>> Google
>>>>>>> has offered the new stuff to Mozilla and Mozilla hasn't decided to
>>>>>>> use
>>>>>>> it yet.  Then again, the blog post was written by one of the Mozilla
>>>>>>> people working on Safe Browsing, and he didn't know about the offer
>>>>>>> until he got that comment.
>>>>>>>
>>>>>>> That's not a great summary, but it's the best I can do right now.
>>>>>>>
>>>>>> I understand, thanks.
>>>>>
>>>>> I would be very interested in any more specific details about exactly
>>>>> how
>>>>> Firefox obtains the Google API (presumably downloads a file in the
>>>>> background?, on a schedule?, filename?). Also what Firefox settings,
>>>>> about:config, userChrome.css, or other tweaks can affect/enable/disable
>>>>> it?
>>>>> Thanks!
>>>>
>>>> Firefox obtained it the same way you would.
>>>>
>>>> http://code.google.com/more/
>>>>
>>>> Someone else will have to respond to the ability to
>>>> enable/disable/remove.
>>>>
>>>> Why would you want to remove code that increases safety?
>>>>
>>>> If you are unfamiliar with APIs, they are basically instructions on how
>>>> to get data or information from a web site, or post data or information
>>>> to a web site. This article may help.
>>>>
>>>> http://en.wikipedia.org/wiki/Application_programming_interface
>>>>
>>>> ===============
>>>>
>>>> Thanks for the info. That gives me a general idea. As for why I would
>>>> want
>>>> to remove code that increases safety, I disagree with that premise. I
>>>> seriously doubt that anything associated with google increases safety,
>>>> privacy, or security. "Security" is used as a false excuse for putting
>>>> adware, spyware, and malware on computers these days. Anything that is
>>>> done
>>>> without user's prior knowledge and approval, including this apparent
>>>> secret
>>>> download by Firefox in the "background"(?), falls into that category.
>>>> They're pulling the wool over a lot of eyes, and it's time to expose
>>>> their
>>>> true nature!!
>>>
>>> Have you ever done any programming or scripting for web sites?
>>>
>>> ============
>>>
>>> I have a website... What I don't know I can learn. So lay it on me, if
>>> you
>>> know the answers...
>>
>> No, I don't think I know the answers you seek. I was asking in the
>> context of wondering about your general knowledge of how browsers pass
>> information around, and the limits of what you consider acceptable
>> browser behavior.
>>
>> For example, on my website I use session data to identify you (as a
>> Session ID) and  "follow you around" so when you return to the page that
>> lists all your subscriptions, it serves up yours and not someone else's
>> (or none at all). I also use APIs to give you a seamless switch when you
>> move from my website to the website that hosts some of the games I
>> design. The APIs log you in and take you directly to the game you
>> subscribe to (which you requested at my website).
>>
>> Would you consider those nefarious because I did not explicitly tell you
>> the browser is doing those things?
>>
>> I think you'd be stunned at the number of APIs in use on websites.
>>
>> ==========
>>
>> Nefarious is your word, not mine. Basically everything which a browser
>> downloads and accesses should be disclosed and the user given an option to
>> opt in/out. This particularly applies to "updates" and the items I've been
>> discussing such as blocklist downloads and the google API downloads
>> (presumably?) which happen via a background (hidden from user) process. In
>> lieu of that, the browser has a suspicious design similar to adware,
>> spyware, and malware -- and needs thorough investigation. Nothing on the
>> internet is safe per se, or can be taken for granted, it must be proven
>> so.
>> It seems that the Mozilla gestapo thinks they can sneak some such things
>> past their unsuspecting trusting users, but not while I'm around...
>
> APIs and "hidden from users" are practically synonyms. That's the whole
> point of APIs, completing tasks through code rather than having the user
> laboriously do it manually piece by piece.
>
> I too grow weary of your language. Goodbye for now.
>
> ============
>
> Goodbye. I've gained some insight from this exchange. Thanks. It appears
> then that "APIs" are suspicious by nature and that whole concept needs
> investigation. A proper comparison point might be a simple browser like
> Browzar which is presumably devoid of all such subtrefuges. As for which
> browsers have them, and which don't, that's the next step... In the meantime
> Firefox is under a serious cloud, and I think it likely is indeed spyware by
> design.

A proper comparison?

http://web3.0log.org/2006/09/01/new-secure-browser-browzar-is-fake-and-full-of-adware/

--
Thunderbird Beta | openSUSE 12.1 | KDE 4.7.2
Humans aren't a color of skin, a religion, a sex, a sexual orientation,
or a flag. We are human beings and that is how we need to see and treat
each other. - Justin Sane
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
12