Does Firefox 2's anti-phishing tool violate privacy?


firefox.jpgThere are concerns that the latest and greatest Firefox, version 2, could compromise a user’s privacy because of the way that its anti-phishing system works.

To use the feature, you (apparently, I haven’t used it yet) have to send Google a record of every website you visit. A cookie is then used to record your behaviour data when using Firefox, providing it to Google for their own purposes.

It’s an opt-in scheme, so it won’t happen without your permission, but then it could be buried in some terms and conditions that a user may not bother to read if they’re more concerned with protecting themselves from phishing attacks.

On the flip side of the coin, commentators say that Google probably aren’t doing anything with your data that your ISP and other online companies that you interact with don’t already do.

As the Platinax site notes: “The simple truth is that online privacy is already a mess, and that internet users are often simply not allowed to determine how their personal data may be collected, used, or processed.”

Mozilla are now a ‘for profit’ group, but have they sold out for the sake of profits?

(Via Platinax)

Andy Merrett
For latest tech stories go to


  • There are actually two sides to the antiphishing feature; one is that your browser will download a blacklist, and this method of antiphishing has nothing to do with sending information to google. The other method, which is supposed to be more recent and reliable, is to send each page to google for comparison against their blacklist. Sooooo…if you don’t want google to have your list of sites you visit – simply keep the antiphishing feature as DEFAULT – “check using a downloaded list…”….again, which does not send any information to

  • It’s strange that people are pointing their finger at Firefox when IE7’s antiphishing feature actually works the same as Firefox’s does with the default options. In fact, from what I’ve heard (although this may end up not being the case), Opera 9.1 will do antiphishing option #2 (requesting data from a central server with every page request) by default, thus generating bigger privacy issues.

Comments are closed.