[IP] Microsoft anti-phishing tool sends Microsoft a list of sites visited [priv]
Begin forwarded message:
From: Declan McCullagh <declan@xxxxxxxx>
Date: September 10, 2005 2:32:49 PM EDT
To: politech@xxxxxxxxxxxxxxx
Subject: [Politech] Microsoft anti-phishing tool sends Microsoft a
list of sites visited [priv]
-------- Original Message --------
Subject: Microsoft anti-phishing tool sends Microsoft a list of sites
visited
Date: Thu, 8 Sep 2005 14:56:33 -0700
From: Joshua Weinberg <joshua@xxxxxxxxxxxxxxxx>
Reply-To: <joshua@xxxxxxxxxxxxxxxx>
To: <declan@xxxxxxxx>
Declan, for Politech if you'd like.
This article says that Microsoft's new anti-phishing filter will work by
sending Microsoft the address of every site visited that is not
already on a
safe/unsafe list. It quotes the EFF worrying that this is "a wholesale
handing over of one's privacy to Microsoft."
I'm surprised I have not seen much else on this in the press or from
privacy
advocates.
Thanks,
-joshua
Joshua Weinberg
joshua@xxxxxxxxxxxxxxxx
Does anti-phishing tool angle for too much data?
http://www.dallasnews.com/sharedcontent/ptech/
generalstories2/082705ccdrptechphishing.3eb9bea7.html (registration
required)
August 27, 2005
By MIKE GOLDFEIN / The Dallas Morning News
Microsoft Corp. will soon release a security tool for its Internet
browser
that privacy advocates say could allow the company to track the surfing
habits of computer users. Microsoft officials say the company has no
intention of doing so.
The new feature, which Microsoft will make available as a free
download
within the next few weeks, is prompting some controversy, since it
will tell
the company what Web sites users are visiting.
The browser tool is being called a "phishing filter." It is designed
to warn
computer users about "phishing," an online identity theft scam.
The Federal Trade Commission estimates that about 10 million
Americans were
victims of identity theft in 2005, costing the economy $52.6 billion.
But privacy groups are already raising questions about how this
feature will
work, and some computer security experts are questioning whether it
will be
effective.
Phishing fraud normally begins when computer users receive e-mails
appearing
to be from banks, eBay, or credit card companies, requesting account
updates.
Links are provided to Web sites that seem legitimate. Unwary users
are duped
into giving up their Social Security, credit card and banking account
information.
In an effort to protect Internet users, Microsoft's anti-phishing
tool is
designed to verify the safety of every Web site and to issue warnings if
users encounter a suspected or known phishing site. It will use a
three-step
process.
First, the browser will automatically check the address of every Web
site a
user visits against a list of sites Microsoft has verified to be
legitimate.
This list will be kept on users' computers.
If no match is found, the Phishing filter will send the address to
Microsoft, where it will be checked against a list of known phishing
sites
that the company intends to update every 20 minutes. A match will
trigger a
warning that will pop up in the browser.
[...remainder snipped...]
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/