Subscribe to
NSLog(); Header Image

Safari 3.0 to Use Google’s Anti-Phishing Blacklist?

TUAW displays some new Leopard screenshots, a few of which detail Safari 3.0's new anti-phishing features. These reportedly tie into Google's blacklist of known fraudulent sites. As commenter #27 puts it:

The only downside of the anti-phishing / anti-fraude is that every URL you browse gets relayed to Google, to check if it is blocked.

Talk about Google get an idea of every page people visit. Not just what they search for via Google.

Interesting indeed. Naturally, a lot of people access back-end administrative interfaces which are otherwise not linked to. Given Google's recent "Code" (i.e. password-finding) feature, even the most trusting are probably going to worry about Google knowing the location of every page I visit every day.

Of course, I'm typically smart enough to not visit a phishing site, though I may occasionally. As such, the penalty for maintaining your privacy seems too steep: you have a choice between showing Google all the sites you visit on the Web or having no anti-phishing protection whatsoever?

7 Responses to "Safari 3.0 to Use Google’s Anti-Phishing Blacklist?"

  1. Why couldn't they implement a client side system. E.g. each day your browser would download the updated blacklist and do the comparison locally rather than over the net.

  2. Well, matonmacs, let's remember two key things:That may be the way they do it.They may do a different kind of browser-side filtering, like comparing the page content to the URL, looking for unicode in the URL, etc.In other words, nobody is sure yet whether Google is contacted. They're just known to have such a blacklist and Apple and Google are just known to be working together to more tightly integrate some of their services.

  3. I sure hope there's a way to disable that "feature."

  4. [quote comment="19505"]I sure hope there's a way to disable that "feature."[/quote]

    ..says the guy who likes to have his information compromised

  5. [quote comment="20745"]… says the guy who likes to have his information compromised[/quote]
    That doesn't make any sense. If you simply don't click on phishing sites - and if you type in the domain names yourself - you won't be phished.

  6. [quote comment="20745"][quote comment="19505"]I sure hope there's a way to disable that "feature."[/quote]

    ..says the guy who likes to have his information compromised[/quote]

    I've never had an anti-phishing feature before, and I've also never been tempted to type my information into a phishing site. I'm not an idiot user, and I don't need idiot-user features such as this one in order to not be had. I stand by my original comment.

  7. The reason they don't use blacklists (or at least; shouldn't) is because phishing is something that has very much effect in very short time. This is why Opera doesn't use blacklists, as they explain on their website. A website that wasn't known in the morning when you downloaded the updated list may be a phishing website now; so much for anti-phishing.