-------- Original Message -------- Subject: Microsoft anti-phishing tool sends Microsoft a list of sites visited Date: Thu, 8 Sep 2005 14:56:33 -0700 From: Joshua Weinberg <joshua@private> Reply-To: <joshua@private> To: <declan@private> Declan, for Politech if you'd like. This article says that Microsoft's new anti-phishing filter will work by sending Microsoft the address of every site visited that is not already on a safe/unsafe list. It quotes the EFF worrying that this is "a wholesale handing over of one's privacy to Microsoft." I'm surprised I have not seen much else on this in the press or from privacy advocates. Thanks, -joshua Joshua Weinberg joshua@private Does anti-phishing tool angle for too much data? http://www.dallasnews.com/sharedcontent/ptech/generalstories2/082705ccdrptechphishing.3eb9bea7.html (registration required) August 27, 2005 By MIKE GOLDFEIN / The Dallas Morning News Microsoft Corp. will soon release a security tool for its Internet browser that privacy advocates say could allow the company to track the surfing habits of computer users. Microsoft officials say the company has no intention of doing so. The new feature, which Microsoft will make available as a free download within the next few weeks, is prompting some controversy, since it will tell the company what Web sites users are visiting. The browser tool is being called a "phishing filter." It is designed to warn computer users about "phishing," an online identity theft scam. The Federal Trade Commission estimates that about 10 million Americans were victims of identity theft in 2005, costing the economy $52.6 billion. But privacy groups are already raising questions about how this feature will work, and some computer security experts are questioning whether it will be effective. Phishing fraud normally begins when computer users receive e-mails appearing to be from banks, eBay, or credit card companies, requesting account updates. Links are provided to Web sites that seem legitimate. Unwary users are duped into giving up their Social Security, credit card and banking account information. In an effort to protect Internet users, Microsoft's anti-phishing tool is designed to verify the safety of every Web site and to issue warnings if users encounter a suspected or known phishing site. It will use a three-step process. First, the browser will automatically check the address of every Web site a user visits against a list of sites Microsoft has verified to be legitimate. This list will be kept on users' computers. If no match is found, the Phishing filter will send the address to Microsoft, where it will be checked against a list of known phishing sites that the company intends to update every 20 minutes. A match will trigger a warning that will pop up in the browser. [...remainder snipped...] _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Sat Sep 10 2005 - 12:52:11 PDT