Antiphishing

[Robert Knight]

> make safe browsing optional

I have a hypothesis that the users most vulnerable to exploitation by
fraudulent websites are also the users who are least likely to be
aware of and to manually enable any such "safe browsing" features.

If this is the case, then if safe browsing is not enabled by default,
it might as well not exist at all.



On 22/06/07, Pau Garcia i Quiles <pgquiles at elpauer.org> wrote:
> Quoting George Staikos <staikos at kde.org>:
>
> >
> > On 22-Jun-07, at 2:23 AM, Josef Spillner wrote:
> >
> >> On Thursday 21 June 2007 21:51:11 Tom Albers wrote:
> >>> I have a very simple antiphishing check already (for html mails compare
> the
> >>> visible link with the actual link, see screenie (yes, i know the typo))
> and
> >>> I would like to extend it to something more professional.
> >>
> >> When I proposed this to security@ a while ago, I was told that you
> >> would never
> >> be able to catch all cases with such a warning, and therefore it
> >> doesn't make
> >> sense to implement something like this.
> >> What's the take now?
> >
> >    What I suggest is something primarily based on an actively updated
> > database, and that's a proven good approach.
>
> Would the Google Safe Browsing database be OK?
> http://code.google.com/apis/safebrowsing/key_signup.html
>
> The only problem is it requires a key which is connected to a Google
> Account but that has an easy solution: make safe browsing optional and
> tell people they have to apply for a Google account and a Safe
> Browsing API key if they want to have safe browsing. Maybe we could
> even create an assistant to do that within Konqueror (I don't know if
> Google allows this).
>
> --
> Pau Garcia i Quiles
> http://www.elpauer.org
> (Due to the amount of work, I usually need 10 days to answer)
>