User Privacy and the Phishing Filter

[アーティクル]
05/08/2006

When we shipped the Microsoft Phishing Filter in Internet Explorer 7 Beta 1, many readers on the blog asked: if the Phishing Filter is checking suspicious URLs against a web service, how would Microsoft protect user privacy?

We know that for customers to benefit from the work we put into the Phishing Filter, they have to trust us enough to use it. As you’ve been hearing for years, Microsoft now engineers our products to be more secure by default. In the same way, we engineered the Phishing Filter to protect user privacy. Most importantly, when the Phishing Filter checks if a site is a phishing site, the URL it sends to the web service cannot be used to personally identify you. That was just one of the ways that we engineered the Phishing Filter to protect user privacy.

To prove that the Phishing Filter protects privacy, we asked Jefferson Wells, a well known technology audit firm, to take a look at our design. We gave them in-depth access to the technology and to the engineering team. After they studied the technology and interviewed the engineering team, they agreed that the claims we made about protecting your privacy are true and accurate.

You can read the results of the Jefferson Wells Audit yourself to learn more.

We want you to understand this is a longterm commitment to protect your privacy. To prove our ongoing commitment, we’re going to repeat this audit periodically so that even if the service changes in some way, you’ll still have proof that the web service protects your privacy.

Thanks,
Rob Franco

Comments

Anonymous
May 08, 2006
No, we asked why Microsoft and not an independent group are seeing the websites we visit.

There's a difference.
Anonymous
May 08, 2006
(...actually, that too.)
Anonymous
May 08, 2006
independent group ??? who might they be ?

virgins ??

police officers ??

NSA officials ??

Who do you trust anyway ??
Anonymous
May 08, 2006
The comment has been removed
Anonymous
May 08, 2006
<quote>If you get a request to https://home.example.isp/maryjo/control-panel/, you can reasonably infer the user's first name is Mary Jo. You can even reasonably guess that her email address is maryjo@example.isp.</quote>

Maurits, I just clicked on your example link https://home.example.isp/maryjo/control-panel/, and guess what, I'm not Mary Jo! So no, clicking on a link that happens to have someone's "name" in it, does not identify the clicker. ;-)
Anonymous
May 08, 2006
I'm interested in how IE7 determines that a site is "suspicious"...

In both Beta2 previews, several of my pages were being flagged as being suspicious, which worried me slightly - too many false positives, especially against your own work, is never a good thing.

However, in the "final" Beta2, my pages aren't flagged - was there a change made, and if so what?
Anonymous
May 08, 2006
The comment has been removed
Anonymous
May 08, 2006
When would IE download this file? Each time you opened IE? The first time you opened IE each day? Each time you booted your computer?

There are problems with each of these solutions, mostly having to do with the user experience.
Anonymous
May 08, 2006
The comment has been removed
Anonymous
May 08, 2006
The comment has been removed
Anonymous
May 08, 2006
rdmiller:

Seems like antivirus manufacturers have managed to cope with that "problem."

Also, in response to that audit, it's incredibly misleading. It uses the MS definition of private info. To me, having my IP address, and the websites I browse is too personal for me. It's like you define it in such a way to make sure you're definition holds true. You can trace my browsing back to my IP. You can trace my IP to me. Though my personal info may not be directly transmitted, you can certainly get to it.
Anonymous
May 08, 2006
The comment has been removed
Anonymous
May 08, 2006
It seems for the content of the posts here that most people did not even bother to read the audit before posting!

You are worried because of Microsoft's definition of “Personally Identifiable Information"? Well, this seems to be a good definition: "[it] means any information that identifies or can be used to identify, contact, or locate the person to whom such
information pertains, or from which identification or contact information of
an individual person can be derived. Some examples of PII include first and last name, address, and e -mail address.”
Anonymous
May 08, 2006
I love how people get worried about internet surfing privacy, but then probably throw reciepts and banking statements straight in the bin without shredding them.
Anonymous
May 08, 2006
IE7 Has interesting feature to protect us.
It disables running some scripts from my computer, but allows them to run from internet. Does it mean that IE trusts me less than that website?
Anonymous
May 08, 2006
The comment has been removed
Anonymous
May 08, 2006
I personally think this is a great feature.

But if you don't like this feature, don't switch it.

I don't understand why some of you are complainging about privacy issues since all your data is stored anyway. Think of ISPs, Google, the Government. So if you want to keep you privacy private, go and live in some cave in Afghanistan.
Anonymous
May 09, 2006
Dalmuti509: you're making some huge assumptions about how our technology works (like assuming that the check of our phishing database is made in serial with a user's request to browse). We have designed a system that we feel is both scalable to broad Internet use and fast enough to deal with phishing sites that come and go in a matter of hours.

-Christopher [MSFT]
Anonymous
May 09, 2006
The comment has been removed
Anonymous
May 09, 2006
The comment has been removed
Anonymous
May 09, 2006
The comment has been removed
Anonymous
May 09, 2006
Is there a harmless test-link that Microsoft uses to test the filter?
Anonymous
May 10, 2006
"Is there a harmless test-link that Microsoft uses to test the filter?"

Yes, https://www.woodgrovebank.com
Anonymous
May 10, 2006
"Yes, https://www.woodgrovebank.com"

(LOL, it's a "Bank of Redmond"...)

Glad to know the filter actually works on my end.
Anonymous
May 10, 2006
The comment has been removed
Anonymous
May 10, 2006
Pretend I am Microsoft here.
1. I provide a service which handles personal data and I want people to trust this service.
2. But I don't want to disclose to people the internals of this service.
3. How can I give proof to people that they can trust my service ?
4. I am going to ask another company, which I will pay substentially for this, to check the internals of the system but they cannot disclose how the service works internally. They can just come up with a "yes/no" affirmation.
5. How on earth is anyone supposed to feel more safe about it ?

Add to this the fact that most people have an issue with putting "Microsoft" and "trust" in the same sentence and you might realise that you're on the wrong track.

Conclusion: this is, once again, a situation that requires you to be as open as possible.
1. Give me a copy of the source code
2. Make sure you are legally bound to run the same version as what you disclose
3. I might trust you then

Until then stop making promises you cannot hold.
Anonymous
May 10, 2006

Let's all give away our software for free.
2. Let's give away all the source code too.
3. Let's give away all rights
4. Instead, let's license all the rights to someone in charge of the GPL
5. Now nobody makes any money.
6. Nobody can pay anyone.
7. People starve, innovation stops, the cows come home, etc.

Anonymous
May 10, 2006
Wraith, you're missing the point.

This is not an open source vs proprietary issue.

It is a "how can I be trusted" issue.
No one can trust a system as long as you keep parts of it hidden. It's just logically.

I will never entirely trust software for which I don't know anything about the code.

Now this doesn't matter with most software. But when it's a system dealing with security and privacy issues, it does.
Anonymous
May 10, 2006
I'll trust a company which can be sued a lot more than a bunch of open source developers who just check code in and aren't responsible next year for what is in it.
Anonymous
May 10, 2006
You guys aren't really open-minded are you ?

Stop thinking about crusades, that's not the point here.

I don't care and I would, just like you Ghost, actually prefer if it was MS developping this.

I just want to be able to check what is handling my personal data. What's wrong with that.

Currently what the IE team is proposing is to blindly trust them (audits have never been a proof of anything).
All I'm asking is to be able to trust them.
Anonymous
May 10, 2006
This is currently what is being diaplyed at the top of the Jefferson Wells page Rob linked to (http://www.jeffersonwells.com/client_audit_reports/main.htm):

<%@ Control Language="c%23" AutoEventWireup="false" Codebehind="../Controls/header.ascx.cs" Inherits="JeffersonWells.Controls.header" TargetSchema="http://schemas.microsoft.com/intellisense/ie5"%>

So I'm being asked to trust a web security and privacy ausit done by people who can't setup a basic website and webserver correctly.
Correct me if I'm wrong but it's asking a lot ....
Anonymous
May 10, 2006
The comment has been removed
Anonymous
May 10, 2006
The comment has been removed
Anonymous
May 10, 2006
And to illustrate what I was just saying: http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm

There's a good chance they are already doing the same with the web. No need to encourage them by provide MS with a ready-made database.

So can anyone confirm that this filter will be optional ?
Anonymous
May 10, 2006
Any technician with access to your ISP routers could get much much more information about you and sites you visit than the phishing filter, including information about other services like files sharing, instant messaging and emails (even encrypted, they can still see how much data is being exchanged and which server you're connecting to).
What to say about people with access to your company or ISP proxy server ?!

Even if you use an anonymizer proxy, you're hiding your IP from web sites you visit, but now that one company providing that service could be gathering all the information you wanted to hide from every other people.

Not trusting the IE7 phishing filter has an easy fix, just turn it off!
I'm sure people that are that concerned about their privacy can also manually identify phishing sites. The phishing filter will only benefit people who could get phished.

Now, if you don't want your personal IP to be identifiable by your ISP or other people, it's a whole other problem, and I'm effraid the only solution for now is to turn off your network connection...
Anonymous
May 11, 2006
The comment has been removed
Anonymous
May 11, 2006
@EricLaw:
Thanks for the explanation regarding the local scripts limitation introduced in IE6XPSP2.

@Cyril Doussin:
I'll take the word of an auditing company over having the source. I don't have time to pour through someone's source code nor the ability to bless it as "good". And I don't trust a bunch of anonymous OSS devs (most of which hate MSFT, so can hardly be considered "objective" in any case) to be able to do so reliably either.
Anonymous
May 11, 2006
The comment has been removed
Anonymous
May 11, 2006
The comment has been removed
Anonymous
May 12, 2006

One of Internet Explorer 7's greatest security features is the
Microsoft Phishing Filter, which checks shady URLs against a web
service, and in turn determines if the user should avoid the requested
site. Although one would think that no harm
Anonymous
May 12, 2006
I have a question about the Phishing Filter.

I don't think too many people would disagree with me when I say that the WWW (or rather, the entire card of services that the Internet has to offer) is in a constant state of flux.

I am curious to know what will or might happen to the phishing filter over time when IE7 is no longer current news or supported software.
Anonymous
May 12, 2006
@Cyril:

For what it's worth, I agree with you. There is simply no benefit to keeping the source code for this feature secret. In fact, there is IMO almost certainly a massive benefit in opening this feature to public scrutiny.

But that is not our decision to make. Every company on this planet has the right to say "we own this, and we get to decide who sees it, and we decided you don't get to see it". They do not need to have a reason. They do not need to explain themselves. It is their choice, not ours.

And if you have a problem with this, then your platform isn't really about being free and open at all... it's just "meet the new boss, same as the old boss". Which is where I really start to have a massive concern about the culture and society around open source software, because most of its members do have a problem with this.
Anonymous
May 12, 2006
@Cyril:

>"if MS ever released the source for something
> like this, you can be sure that more than a
> bunch of OSS devs would have a good look at
> it."

But you can be sure that a group of Microsoft haters will "find" some problem (whether it exists or not), make a big fuss over it, and suddenly we have a contrived controversey with Microsoft haters and objective analysts debating the issue against each other. The mere existence of the controversey causes nobody to use the filter (or even pressures Microsoft into removing it altogether), even if there is no real problem with it, in which case the Microsoft haters obtain their objective.
Anonymous
May 14, 2006
> Even if you use an anonymizer proxy, you're hiding your IP from web sites you visit, but now that one company providing that service could be gathering all the information you wanted to hide from every other people.

In theory you could use two anonymizers from different companies in a series. Then one company knows where you are coming from but not where you're going; and the other company knows where you're going but not where you're coming from.

For email and IM it's a lot easier... all you need is end-to-end encryption.
Anonymous
May 14, 2006
I don't really care if MS know personal stuff about me, cos if they do then they must have BILLIONS of columns in that database..... i'll just be a tiny speck on the map so it's pretty unlikely that a little army of Mr Gates' zombies will come all the way to Liverpool to knock on my door and say "naughty naughty, you went on a suspicious web site last week...."
Anonymous
May 16, 2006
The comment has been removed
Anonymous
May 21, 2006
I just don't have anything to say. Not that it matters. Eh. I've just been staying at home doing nothing, but I don't care. That's how it is.
Anonymous
June 29, 2006
The Internet Explorer Team Blog includes a post covering this very subject. Due to many people asking...
Anonymous
September 28, 2006
As we’ve worked on the new Phishing Filter in IE7, we knew the key measure would be how effective it
Anonymous
September 17, 2007
funny myspace graphics birthday
Anonymous
May 29, 2009
PingBack from http://paidsurveyshub.info/story.php?title=ieblog-user-privacy-and-the-phishing-filter
Anonymous
June 08, 2009
PingBack from http://insomniacuresite.info/story.php?id=6012
Anonymous
June 15, 2009
PingBack from http://einternetmarketingtools.info/story.php?id=9424

次の方法で共有

User Privacy and the Phishing Filter

Comments

その他のリソース