SpywareGuide powered by FaceTime Security Labs

The Anti-phishing Tool Bar Controversy...

by Christopher Boyd

Date: 09.30.2005

There are lots of rumours circulating at present regarding the Antiphishing toolbar from Netcraft. These rumours have been circulating as far back as May, claiming that the toolbar itself contains "spyware". Like most things labeled spyware, it depends on your point of view: whether you think cookies are evil, and whether the price you pay for some phishing protection is a little personal data sent back to base. With that in mind, let's continue...

The Install

There seems to be nothing unusual here. Firefox pops up the "blocked" install message, and you have to manually add the Netcraft site to the list of allowed sites.

When the install is initiated, a popup appears which seems to have caused concern among end-users, but it is simply a JavaScript popup describing what is going to happen - Netcraft being helpful.

This is a good example of what can happen when panic takes hold needlessly - not every popup is a bad thing. Then you get another clear message, indicating what will happen when you restart Firefox - for something that is supposedly doing something untoward, the toolbar is very clear with its disclosure!

In Practice

I tried the Toolbar out on a number of phishing sites - it blocked all of them (example here). I had no false positives and the tool uninstalled with no problems, but I only tried a limited selection of sites. Remember, here I'm primarily looking for "unusual" behaviour. The issue is - I didn't find any.

In Closing

Here we have a case of what the value proposition is for the customer. The toolbar privacy policy clearly states what the tool will do - from the agreement:

# Information Automatically Logged: We use your IP address to help diagnose problems with our server and to administer our Web site. Your IP address may also be used to display regional advertising banners.

# Advertisers: Sometimes advertisers may use third party banner servers to display banners on our site. These servers are not under Netcraft's control.

# Cookies: Netcraft uses cookies in areas of the site requiring authentication, and as part of its banner serving system.

Now, it has been mentioned on numerous sites as indicating that end-users should be looking out for popups, banner ads and other things associated with Adware, and that it tracks users for "hidden" purposes. But look again - it doesn't say this applies to the toolbar. It says these ads are on the website. And "banner serving system" has to refer to the website too - banners served by a toolbar wouldn't be very big to look at! No, the issue here is that the terms for the toolbar and the terms for the website don't appear to have been separated well enough. Or at least, they have, but not enough for the average end-user to understand. This is despite the fact that the article clearly states lower down the page that the toolbar collects the below (under the heading of Netcraft toolbar!):


* A unique identification reference is generated for each Toolbar installation. This is sent back to us when the Toolbar attempts to download updated versions of its software and is used for planning and licensing purposes. This is not sent as part of the Toolbar's normal operation when browsing the web.

* Web sites (not URLs) visited when browsing the web. These are used to provide contextual reports and popularity ranking information for the site being browsed.

* Secure hashes of URLs visited when browsing the web. These are used to defend against phishing sites by comparing the hash against a list of hashes of previously reported phishing URLs and blocking the page if a match is found. There is no other case in which we can determine the URL of the page you have visited from the hash which we receive.

* The Toolbar does not collect any personal information except that described above. In particular, we do not collect personal information which can identify the browsing habits of individual users.
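The hashed-URL comparison described in the policy text above can be sketched as follows. This is an added example, not Netcraft's code: the choice of SHA-256, the normalisation rules, the function names and the `.example` URLs are all assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

def normalise(url: str) -> str:
    """Canonicalise a URL so trivial variants of it hash identically."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # Keep the port only when it is not the default for the scheme.
    default_port = {"http": 80, "https": 443}.get(scheme)
    if parts.port and parts.port != default_port:
        host = f"{host}:{parts.port}"
    # Fragments are never sent to a server, so they are dropped.
    return urlunsplit((scheme, host, parts.path or "/", parts.query, ""))

def url_hash(url: str) -> str:
    # Assumption: SHA-256; the policy only says "secure hashes".
    return hashlib.sha256(normalise(url).encode("utf-8")).hexdigest()

# Constructed sample data using reserved .example names, not real reports.
REPORTED = [
    "http://login.bank.example/verify.php?id=1",
    "http://secure-login.example/signin",
]
BLOCKLIST = frozenset(url_hash(u) for u in REPORTED)

def should_block(visited_url: str) -> bool:
    """Block when the visited URL's hash is on the list of reported hashes."""
    return url_hash(visited_url) in BLOCKLIST

def recognise(received_hash: str, candidates) -> "str | None":
    """What the receiver of a bare hash can learn: the URL is recognised
    only if it is among candidate URLs the receiver can hash itself."""
    for candidate in candidates:
        if url_hash(candidate) == received_hash:
            return normalise(candidate)
    return None

if __name__ == "__main__":
    print(should_block("HTTP://LOGIN.BANK.EXAMPLE:80/verify.php?id=1#top"))
    print(should_block("http://login.bank.example/verify.php?id=2"))
    print(recognise(url_hash("https://intranet.example/private"), REPORTED))
```

Without the normalisation step, a change in letter case or an added fragment would produce a different hash and the reported page would slip past the list.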

So we can see that, although Netcraft has made every effort to make clear what the toolbar does, there is still confusion in the end-user's mind with regard to what the software actually collects. The interesting question is, what can Netcraft and companies like them, and (more importantly) the end-users do to clarify these issues? It's a question with no easy answers, but as the above has illustrated, these days even producing a tool designed to increase security can be filled with unintentional perils.

Unless otherwise noted this article is Copyright © 2021 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquiries please contact us with the phrase "Spyware Guide Articles" in the subject line and we will be happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.
