> > 12. What information is sent to Google when I enable the Enhanced
> > Protection Feature?
> >
> > When enabled, the entire URL of the site that you're visiting will be
> > securely transmitted to Google for evaluation. In addition, a very condensed
> > version of the page's content may be sent to compare similarities between
> > authentic and forged pages. For example, if the condensed 'fingerprint' of
> > the page you are visiting matches the 'fingerprint' of a popular bank's site
> > but the page's URL is different, that's a good sign that the page you are on
> > is designed to mislead users.
<snip>

Well, there we go - that's Google's response to the problem, and I suppose it's hardly Google's fault if we use crap passwords anyway.

BUT at the same time, it springs to mind, why would Google opt for a mechanism which sends all of this information, in plain text, to the client? Surely it would be possible to run the site checking mechanism server-side, and if not, at least make it a bit more difficult to get to the data?

I didn't spend too much time reading how the information was gathered, but I'm guessing it was just your standard interception through a Paros-type proxy. However, this begs the question of how much personal data Google should be allowed to store - let *alone* send it to other users of the internet.

Regards,
Ronald.

--
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
