Netcraft Antiphishing Toolbar....

The Dragon Slayer
 Share Followers 0

Recommended Posts

TheTerrorist_75

TheTerrorist_75

Posted
Posted

The Anti-phishing Tool Bar Controversy...

Here we have a case of what the value proposition is for the customer. The toolbar privacy policy clearly states what the tool will do - from the agreement:

# Information Automatically Logged We use your IP address to help diagnose problems with our server and to administer our Web site. Your IP address may also used to display regional advertising banners.

# Advertisers Sometimes advertisers may use third party banner servers to display banners on our site. These servers are not under Netcraft's control.

# Cookies Netcraft uses cookies in areas of the site requiring authentication, and as part of its banner serving system.

Now, it has been mentioned on numerous sites as indicating that end-users should be looking out for popups, banner ads and other things associated with Adware, and that it tracks users for "hidden" purposes. But look again - it doesn't say this applies to the toolbar. It says these ads are on the website. And "banner serving system" has to refer to the website too - banners served by a toolbar wouldn't be very big to look at! No, the issue here is that the terms for the toolbar and the terms for the website don't appear to have been separated well enough. Or at least, they have, but not enough for the average end-user to understand. This is despite the fact that the article clearly states lower down the page that the toolbar collects the below (under the heading of Netcraft toolbar!):

* A unique identification reference is generated for each Toolbar installation. This is sent back to us when the Toolbar attempts to download updated versions of its software and is used for planning and licensing purposes. This is not sent as part of the Toolbar's normal operation when browsing the web.

* Web sites (not URLs) visited when browsing the web. These are used to provide contextual reports and popularity ranking information for the site being browsed.

* Secure hashes of URLs visited when browsing the web. These are used to defend against phishing sites by comparing the hash against a list of hashes of previously reported phishing URLs and blocking the page if a match is found. There is no other case in which we can determine the URL of the page you have visited from the hash which we receive.

* The Toolbar does not collect any personal information except that described above. In particular, we do not collect personal information which can identify the browsing habits of individual users.

So we can see that, although Netcraft has made every effort to make clear what the toolbar does, there is still confusion in the end-user's mind with regards what the software actually collects. The interesting question is, what can Netcraft and companies like them, and (more importantly) the end-users do to clarify these issues? It's a question with no easy answers, but as the above has illustrated, these days even producing a tool designed to increase security can be filled with unintentional perils.

Link to post
Share on other sites
The Dragon Slayer

The Dragon Slayer

Posted
  • Author
Posted (edited)
The Anti-phishing Tool Bar Controversy...
Here we have a case of what the value proposition is for the customer. The toolbar privacy policy clearly states what the tool will do - from the agreement:

# Information Automatically Logged We use your IP address to help diagnose problems with our server and to administer our Web site. Your IP address may also used to display regional advertising banners.

# Advertisers Sometimes advertisers may use third party banner servers to display banners on our site. These servers are not under Netcraft's control.

# Cookies Netcraft uses cookies in areas of the site requiring authentication, and as part of its banner serving system.

Now, it has been mentioned on numerous sites as indicating that end-users should be looking out for popups, banner ads and other things associated with Adware, and that it tracks users for "hidden" purposes. But look again - it doesn't say this applies to the toolbar. It says these ads are on the website. And "banner serving system" has to refer to the website too - banners served by a toolbar wouldn't be very big to look at! No, the issue here is that the terms for the toolbar and the terms for the website don't appear to have been separated well enough. Or at least, they have, but not enough for the average end-user to understand. This is despite the fact that the article clearly states lower down the page that the toolbar collects the below (under the heading of Netcraft toolbar!):

* A unique identification reference is generated for each Toolbar installation. This is sent back to us when the Toolbar attempts to download updated versions of its software and is used for planning and licensing purposes. This is not sent as part of the Toolbar's normal operation when browsing the web.

* Web sites (not URLs) visited when browsing the web. These are used to provide contextual reports and popularity ranking information for the site being browsed.

* Secure hashes of URLs visited when browsing the web. These are used to defend against phishing sites by comparing the hash against a list of hashes of previously reported phishing URLs and blocking the page if a match is found. There is no other case in which we can determine the URL of the page you have visited from the hash which we receive.

* The Toolbar does not collect any personal information except that described above. In particular, we do not collect personal information which can identify the browsing habits of individual users.

So we can see that, although Netcraft has made every effort to make clear what the toolbar does, there is still confusion in the end-user's mind with regards what the software actually collects. The interesting question is, what can Netcraft and companies like them, and (more importantly) the end-users do to clarify these issues? It's a question with no easy answers, but as the above has illustrated, these days even producing a tool designed to increase security can be filled with unintentional perils.

Thanks for the info. Sound legit. I'll give it a try.

Edit: I have tried the toolbar for a few hours. It works pretty good. It doesn't cause any conflict with Spoofstick that I have already had on my browser. So far, I haven't seen any ad at all. Subsequently scanning with Ad-Aware and MS antispyware program yields nothing to be concerned with. I guess this one is ok.

Edited by The Dragon Slayer
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing