Did you know that Google’s Safe Browsing was built into Firefox 2 by default now? I was sure surprised to find out that it was. I noticed this while performing a web application penetration test, mainly from all the google.com requests every few seconds. Now, I do think its great that technology like this is helping consumers avoid fraud. However, I wish there was more notice that it was built in and enabled by default. The only way to disable this function is to go into about:config and set browser.safebrowsing.enabled to false. I think this feature should be opt-in (like the google toolbar) rather than opt-out, and that there should be an option in preferences to toggle it. In case you were wondering where it phoned home, my browser went here.
Pingback: Google’s Anti-Phishing Blacklist Leaked Passwords at Garrett Gee