Bug#575039: safebrowsing is enabled by default and sending data without my consent

Holger Levsen holger at layer-acht.org
Tue Mar 23 13:50:19 UTC 2010


reopen 575039
thanks

On Dienstag, 23. März 2010, Mike Hommey wrote:
> The only data safebrowsing sends is a request for a database. It doesn't
> send your browsing data.

I don't think, that's right. First of all, it also sends my IP address, by 
definition. 

Then, in the URL being requested there is this looooong wrkey variable, which 
looks like a unique ID to me, mabye it's the google cookie by which google 
tracks each browser..  do you know for sure what it is? This one:

http://safebrowsing.clients.google.com/safebrowsing/downloads?client=Iceweasel&appver=3.0.6&pver=2.2&wrkey=AKEgNiuhoOEmKsbgcf26JrVQOcsFTiymVIKMPFtbUtKZ4TKeNsA_RU9P1-BAJvw0hcFHm4vwwnXmvNuUsYZGzh7qJaK35U-xow== 

Can you please add a note to README.Debian (or somewhere similar) to document 
this?

On Dienstag, 23. März 2010, Mike Hommey wrote:
> And currently, as it sends request google doesn't like, safebrowsing is
> effectively disabled. See bug #518357.

Well, the feature might be broken currently, but still my browser sends data 
without my consent. And, as the feature is broken, even completly uselessly 
violates my privacy.


cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20100323/5de1b769/attachment-0001.pgp>


More information about the pkg-mozilla-maintainers mailing list