[ NNSquad ] Chrome browser's new downloaded file malware detection system may have nontrivial privacy implications

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Chrome browser's new downloaded file malware detection system may have nontrivial privacy implications

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] Chrome browser's new downloaded file malware detection system may have nontrivial privacy implications
From: Lauren Weinstein <lauren@vortex.com>
Date: Wed, 8 Feb 2012 20:08:40 -0800

Chrome browser's new downloaded file malware detection system may have
nontrivial privacy implications
http://j.mp/w11Xce  (This message on Google+)

 - - - 

http://j.mp/w3DIsN  (Google Chromium Blog)

    Malicious downloads are especially tricky to detect since they're
    often posted on rapidly changing URLs and are even "re-packed" to fool
    anti-virus programs. Chrome helps counter this behavior by checking
    executable downloads against a list of known good files and
    publishers. If a file isn't from a known source, Chrome sends the URL
    and IP of the host and other meta data, such as the file's hash and
    binary size, to Google. The file is automatically classified using
    machine learning analysis and the reputation and trustworthiness of
    files previously seen from the same publisher and website. Google then
    sends the results back to Chrome, which warns you if you're at risk.
    It's important to note that any time Safe Browsing sends data back to
    Google, such as information about a suspected phishing page or
    malicious file, the information is only used to flag malicious
    activity and is never used anywhere else at Google. After two weeks,
    any associated information, such as your IP address, is stripped, and
    only the URL itself is retained. If you'd rather not send any
    information to Safe Browsing, you can also turn these features off."

 - - -

The downloaded file malware checking system described in this posting
may have nontrivial privacy implications.  My concern would be that
this database (albeit only preserved intact with IP addresses for two
weeks) may become bait for content owners demanding to know what IP
addresses have downloaded particular files over that period
(especially after a high profile "piracy" breach, for example).  While
Google can likely be depended upon to fight any such blanket demands,
related court actions are generally unpredictable.  This functionality
can be disabled in Chrome, but this would apparently require disabling
the entire malware detection system.  More details if I have
additional info to impart.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com 
Google+: http://vortex.com/g+lauren 
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com

_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad

Prev by Date: [ NNSquad ] Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan
Next by Date: [ NNSquad ] UK Minister says website blocking proposals "imminent"
Previous by thread: [ NNSquad ] Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan
Next by thread: [ NNSquad ] UK Minister says website blocking proposals "imminent"
Index(es):
- Date
- Thread