[Politech] Microsoft anti-phishing tool sends Microsoft a list of sites visited [priv]

From: Declan McCullagh (declan@private)
Date: Sat Sep 10 2005 - 11:32:49 PDT


-------- Original Message --------
Subject: Microsoft anti-phishing tool sends Microsoft a list of sites 
visited
Date: Thu, 8 Sep 2005 14:56:33 -0700
From: Joshua Weinberg <joshua@private>
Reply-To: <joshua@private>
To: <declan@private>

Declan, for Politech if you'd like.

This article says that Microsoft's new anti-phishing filter will work by
sending Microsoft the address of every site visited that is not already on a
safe/unsafe list.  It quotes the EFF worrying that this is "a wholesale
handing over of one's privacy to Microsoft."

I'm surprised I have not seen much else on this in the press or from privacy
advocates.

Thanks,
-joshua

Joshua Weinberg
joshua@private



Does anti-phishing tool angle for too much data?
http://www.dallasnews.com/sharedcontent/ptech/generalstories2/082705ccdrptechphishing.3eb9bea7.html 
(registration required)

August 27, 2005

By MIKE GOLDFEIN / The Dallas Morning News

Microsoft Corp. will soon release a security tool for its Internet browser
that privacy advocates say could allow the company to track the surfing
habits of computer users. Microsoft officials say the company has no
intention of doing so.

  The new feature, which Microsoft will make available as a free download
within the next few weeks, is prompting some controversy, since it will tell
the company what Web sites users are visiting.

The browser tool is being called a "phishing filter." It is designed to warn
computer users about "phishing," an online identity theft scam.

The Federal Trade Commission estimates that about 10 million Americans were
victims of identity theft in 2005, costing the economy $52.6 billion.

But privacy groups are already raising questions about how this feature will
work, and some computer security experts are questioning whether it will be
effective.

Phishing fraud normally begins when computer users receive e-mails appearing
to be from banks, eBay, or credit card companies, requesting account
updates.

Links are provided to Web sites that seem legitimate. Unwary users are duped
into giving up their Social Security, credit card and banking account
information.

In an effort to protect Internet users, Microsoft's anti-phishing tool is
designed to verify the safety of every Web site and to issue warnings if
users encounter a suspected or known phishing site. It will use a three-step
process.

First, the browser will automatically check the address of every Web site a
user visits against a list of sites Microsoft has verified to be legitimate.

This list will be kept on users' computers.

If no match is found, the Phishing filter will send the address to
Microsoft, where it will be checked against a list of known phishing sites
that the company intends to update every 20 minutes. A match will trigger a
warning that will pop up in the browser.


[...remainder snipped...]
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Sat Sep 10 2005 - 12:52:11 PDT