Am 11.06.2012 22:45, schrieb Sid Stamm: > On 06/11/2012 01:29 PM, Kevin Chadwick wrote: >> On Mon, 11 Jun 2012 08:57:35 -0700 >> Sid Stamm wrote: >> >> a) can be turned off > > Absolutely. There will be a preference, and if the feature results in > direct connection to Google with the URL, hash and size, we should > carefully consider whether to turn it on or off by default. >
Hello * I'm not an expert, but as a user I want to be able to turn that feature off, as easy as possible. While there are discussions about allowing cookies only with the users consensus, a service, connected to on a daily basis for whitelist updates, that potentially gathers all URLs of my downloaded executables must be opt in all the more. You will get a firefox warning when downloading a malicious file with an ".exe" extension, but you do not get it, when the same file is downloaded and packed with a ".zip" extension? Won't that lull the user in a false sense of security and won't he blame firefox/mozilla? Google or anybody who gets exclusively informations about the "download behavior" of millions of users can at least use this advantage to redirect its resources in software development or marketing money to hold down emerging competitors. Is mozilla willing to assist? What about copyright holders, law enforcement or other public authorities? They might me interested to know, if, what and when a specific IP downloaded something not whitelisted. Was Google ever asked/forced to tell? How long do they store the user queries and are they anonymised (stored without source ip)? The Application Reputation system might be useful, but as long as abuse is not impossible, the use should be "opt in" and the user prepared with proper information about the pros and cons. Nevertheless it is great, that ordinary users like me are asked here for their opinion. All the best. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
