Comments on: Google captured my privacy! http://soroush.secproject.com/blog/2009/12/google-captured-my-privacy/ Soroush Dalili's blog - بلاگ سروش دلیلی Thu, 05 Jan 2012 08:06:32 +0000 hourly 1 By: Soroush Dalili http://soroush.secproject.com/blog/2009/12/google-captured-my-privacy/comment-page-1/#comment-4026 Soroush Dalili Sun, 27 Dec 2009 19:46:35 +0000 http://soroush.secproject.com/blog/?p=183#comment-4026 You are right. But, according to "http://www.mozilla.com/en-US/firefox/phishing-protection/": "Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent." Google has this chance to write down the name of the website which has been blocked such as "milw0rm.com" and we want to visit it. And, perhaps an especial website can be inserted in this list intently, and then it can be discarded during the second check. So, no one can realize it... You are right. But, according to “http://www.mozilla.com/en-US/firefox/phishing-protection/”:
“Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent.”
Google has this chance to write down the name of the website which has been blocked such as “milw0rm.com” and we want to visit it. And, perhaps an especial website can be inserted in this list intently, and then it can be discarded during the second check. So, no one can realize it…

]]> By: xanda http://soroush.secproject.com/blog/2009/12/google-captured-my-privacy/comment-page-1/#comment-4024 xanda Sun, 27 Dec 2009 11:16:19 +0000 http://soroush.secproject.com/blog/?p=183#comment-4024 “Browsers use Google to detect web forgery -> So, a browser send a request to Google before openning a website for you! … <= Hi, from my understanding, firefox will download the hash from Google Safe Browsing API and stored locally, URL will be compared locally instead of send the request to Google ;) more info: http://code.google.com/apis/safebrowsing/developers_guide.html “Browsers use Google to detect web forgery -> So, a browser send a request to Google before openning a website for you! … <= Hi, from my understanding, firefox will download the hash from Google Safe Browsing API and stored locally, URL will be compared locally instead of send the request to Google ;)

more info: http://code.google.com/apis/safebrowsing/developers_guide.html

]]>