On Wed, 25 Feb 2015 09:26:57 +0000
Gervase Markham <[email protected]> wrote:

> That's a pretty major conclusion to reach on pretty shaky evidence.
> Have you actually tested a version of PrivDog _as shipped by Comodo_
> and detected this problem?

As I've been the one finding these issues I think I can give some facts
here:
* No, the TLS validation issue does not affect the Comodo shipped
  version. They use a browser plugin which is different and doesn't do
  TLS-mitm.
* There are personal ties between Comodo and PrivDog, and Comodo has
  been and is still actively advertising PrivDog (that is, they link to
  the PrivDog webpage and suggest you should install their product).
* There is another issue that PrivDog is sending all URLs in clear text
  home to a server from Adtrust Media. They told me they'll change this
  to HTTPS in the future, but still they send out every URL. This issue
  is true for both the Comodo shipped version and the standalone
  version [1].

I will let others decide what they make out of this; I just wanted to
contribute the facts. If there are questions I can answer, please ask.

[1]
https://blog.hboeck.de/archives/866-PrivDog-wants-to-protect-your-privacy-by-sending-data-home-in-clear-text.html

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: [email protected]
GPG: BBB51E42

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
