You catch 'em, we kill 'em

Knitting with tinfoil.

, posted: 20-Dec-2008 14:57

I have decided to get out a roll of tin foil and start knitting myself a tinfoil hat - mostly to wear while sitting in my Faraday cage, with the window vibrators on, speaking via voice changer and using anonymous proxy to surf the net via my wireless internet access in an ever moving van. Oh yes – Pink Floyd's, “The Wall”, is screaming in the foreground to stop people overhearing what I say.

So what pushed me (further?) over the edge you ask? Mozilla Firefox 3.

Two days ago I decided to log onto my utility site to manage some web site content for a customer. My utility site has a Url similar to . It is not publicly accessible, needs a password to access it and holds links to Joomla back ends, ftp services, web email etc. What is more it doesn't appear in Google search, Yahoo search or other search engines. In short it is about as anonymous and private as it gets on the net.

So imagine my shock when a window popped up telling me Firefox Three was not going to let me browse to my site as it was a reported phishing site. The window offered me three links:

1 - 'Get Me Out Of Here' which sends you to the Google home page,

2 - 'Why was this site blocked' which leads you to lots of fluff and education about phishing being bad etc

3 - A link that says 'Ignore This Warning'. (supposedly allows you to continue on).

Well I had work to do so I pushed ignore this warning - to get the same page again and again and again and ... you get the idea - The Ground Hog Day event horizon swallowed me whole. Having next tried the 'Get Me Out Of Here' button which got me to Google's front page, a useless destination for my purposes, I tried the 'Why Was This Site Blocked' button.

Now I know great minds are near to madness allied (John Dryden) and some times I may slip through those thin partitions that divide, but I do think that as the owner of a Url banned by some list as being a phishing site, that the button that states, "Why Was This Site Blocked" would give me some information as to why my site was blocked. Sorry to say I was wrong.

The button opens a page that gave me educational fluff and bubble about phishing in general but nothing on Why Was THIS SITE Blocked. What is worse, nowhere was there information on that page that covered the basics I needed such as:

1 - Who blocked this site and why?

2 - Who runs the black list?

3 - How do you contact the blacklist?

4 - How do you get off this blacklist?

5 - Why wasn't I the owner notified of the banning?

Two days of research later I have had an email from the security team at Mozilla telling me all they have done is implement a phishing filter based on lists recovered from Google. They also very kindly gave me a Url to anonymously suggest to Google that the site is wrongly banned. ( )

Now while having the Url is nice I must admit it fails at a number of points:

1 - It is an anonymous submission

2 - The captcha used to receive information is the most unreadable captcha I have ever seen. Problems with R,N,I and M letter combinations that make guessing what the squiggles say almost impossible

3 - It has no accessibility method for submitting the form if you cant read the captcha or have vision or other disability issues (thus fails W3C standards completely)

4 - It doesn't tell you how to contact the black list people

5 - It doesn't acknowledge a successful submission of request for banning removal (just sets itself up again to be used again)

6 - Leaves me no closer to figuring out how my URL got blacklisted, who blacklisted it, why I wasn't notified of the banning and whether I can get off this blacklist (anonymous URL submissions to unknown people with no guarantee of it being received leave me with dread over my chances of success).


While I have turned off phishing filter in FF3 (Tools - Options - Security Tab - Tell me if this site is a forgery and Tell me if the site is an attack site) that doesn't stop my sites being banned for every other FF3 user and still leaves those of us falsely accused swinging in the wind.It also doesn't stop Firefox contacting Google. See one persons experience here

BTW - while I think of it - TELL ME if site is a forgery and TELL ME if site is an attack site - that seems to me to be different to 'BAN me from a forgery and BAN me from an attack site' - or is that my John Dryden delusional state messing with my grasp of the English language?

Here is my big issue over this whole thing in regards to Mozilla FF3. Without my explicit consent, FF3 has been asking Google to comment on sites I am visiting. This functionality was turned on without me being asked as part of an upgrade but what is worse - FF3 is contacting Google about my personal browsing habits without my explicit consent. Even IE asks before turning on phishing filters etc.

Now Google and Mozilla both point to privacy clauses (which have more holes than a sieve) but the reality is my IP address is an identifying feature. It is who I am on the net. While I don't mind having that IP address recorded on intermediate servers along the way I really do mind having it served up to the webs biggest pusher of product for profit. Google is teetering on (some would say has already gone over ) the edge of the precipice of invasive tracking and profiling. Their search results are tailored to me, ads on sites track my movement around the web and now it seems they are deciding (through a supposedly independent and third party browser) which sites I can and cant visit. They have decided to Santa the web and arbitrarily decide who is naughty and nice -banning those they deem unworthy.

When you add this to the accumulation of services integrated in most web browsers you have to wonder just how free the Internet really is today. Some examples:

IE and FF both search for alternative URLs to try if you mess up typing in the URL in the address bar.

How much do you trust them to actually look for what you want and not just return their idea of what you should have? And before you wonder about my paranoia levels - ask yourself this - what is Google and Microsofts primary purpose in life? To make money! And they don't do that by being nice and offering charitable help to others without cost. Add to that Microsoft's ambition to control the web and browsing habits, Google's invasive presence just about everywhere and you have to start wondering if big brother isn't already feeding you your daily dose of desire and consumerism.


IE and FF both have search bars built into their browsers next to the address bar.

Now while those are handy it means there is connectivity between those search bar providers and you by default in the web browser you use. Anyone tried to remove the Live Search tool bar from Windows IE? Even removing phishing from FF doesn't stop the communications - including communications to Google analytics servers (their ad servers) . See one persons experience here

Yahoo - via the medium of being Xtra's provider of email,

... control who can and cant send email to Xtra's customers (see other articles on how people are being arbitrarily blacklisted by yahoo at yahoos whim).

Most web browsers are provided by the webs biggest sellers of IT, media and product.
(Apple Safari, Microsoft Internet Explorer, AOLS Browser, Google Chrome). Sadly it seems that Google is so tightly and completely integrated into Mozilla Firefox that Windows PC users no longer have an easy choice of independent web browser (except Opera maybe?) The best independent offering just sold its soul - unless you want to recompile and sort the code out for yourself.


Ten years ago people were sweating over, webtrends and similar adverts tracking you around. You knew not to add tool bars into your browsers unless you were prepared to give away some privacy. Now days it seems every e-man and their e-dog have no worries about those providers. Google, Microsoft and Yahoo have ubiquitously done what ad servers couldn't and what is more they are now part of your web browsing software. At least with doubleclick you could ad them to your hosts file as but with Google embedded in your browser that kills most of your browser experience and speed (try waiting for to respond several times a page).

What is worse is they are also part of your desktop in many cases (Microsoft Desktop Search, Google Desktop Search) . And if you think that having them on your desktop is no big deal then ask yourself why Microsoft has applied for a patent to serve you advertising based on what you are doing on your Pc (not even while you are on the web). See Here and Here 

But don't worry, rest assured - they only collect your IP address and as long as you don't use MSN, Live, Hotmail, AOL, GMail , Yahoo Mail, Google services, Microsoft One Care, etc. etc. etc. - they cant track that back to your name and personal details.

So anyway - back to my knitting - and while I knit I am going to ponder how on earth (and not the Google version either) the webs most taken up independent web browser just sold out and integrated the webs largest provider of advertising into itself (without notifying users) to arbitrarily decide what you can and cannot see on the web. Maybe big brother is watching but like burning chrome (and yes I would really recommend you do that to Googles browser), the big brothers we need fear are not governments but corporates instead.

Other related posts:
Burn all books - out with free thought.
How I would write a perfect virus

Comment by Daniel Brandt, on 21-Dec-2008 04:22

You wonder why Firefox sold out?

Mozilla makes over $50 million a year from Google, that's why. If you enter a malformed URL in the address bar of Firefox, it phones home to Google for its best guess of what you wanted and you end up on that page. And unless you turn it off, Firefox prefetches the top result for your search based on Google's rankings, and you end up with that site's cookie, even if you never visit that site.

But if you're only interested in the big bucks going from Google to Mozilla, here's the documentation:

Comment by Martin Greif, on 21-Dec-2008 14:29

Outstanding post. I could not agree with you more. The big issue with all of these companies is that they do not really offer the user the option of opting out of the monitoring they do.

I don't have a problem with them tracking usage if the user can turn it off. If there is value in the tracking back to the user and it's a choice, then fine.

It really drives me crazy that people trust these companies.

Last, but not least, loved the reference to "tin foil hats".

Comment by Dratsab, on 21-Dec-2008 19:13

Can you post a photo of yourself wearing the hat when you've finished?

nunz's profile

Shane Hollis
New Zealand

Shane started Virusbusters twelve years ago to provide fixed price IT support for home users.

Daily battles through the world of viruses, spammers and other malware has left an indelible impression on him so he decided to try to give back some of the help he has received over time.

Hopefully crazy ideas, virus removal tips and other help can be found in this new blog. who knows, it might even be worth reading one day.