[cap-talk] Browser upgrades - the good, the bad, and the ugly

Ian G iang at systemics.com
Wed Feb 8 05:53:38 EST 2006

Jed Donnelley wrote:

> Does anybody have any idea why they feel they need to collect website 
> addresses (I assume they are referring to DNS names or perhaps whole 
> URLs?) to "filter" phishing?

Presumably it is because of their database model.
They collect all the URLs you go to and analyse
them for phishing.  There should be a way in which
you can alert that it is for phishing, and then
that warning gets put into the database and is
then available for others to also be alerted.

This model was - to my knowledge - first introduced
by Netcraft.  It was quite successful in terms of
users but how well it actually deals with the problem
of phishing I don't know.

I personally don't like the model.  My reasons are
a. privacy (!), b. scaling, c. reliability.  For
all these reasons I suspect it is more likely to
only raise the bar ever so slightly, but also bring
in many "surprising side-effects."

But time will tell.


More information about the cap-talk mailing list