Reported Attack Site! Firefox + Google = The New Internet Vigilantes? (no thanks)
ATTENTION WEB SURFER: WHERE ARE YOU GOING?!?!
Is basically the message I was greeted with after restoring a Firefox session following a version update for a few of my saved tabs on sites I visit regularly. It seems that with its most recent version, Firefox has teamed up with Google in an effort to protect presumably unscrupulous users from accidentally stumbling upon sites that they seem to think will maliciously install software on your system (or, at least, try to). Seeing a few of my tabs load with a “NO” icon instead of what I would normally expect was quite a shock as these sites it had flagged are not any that I’ve ever considered particularly malicious. (I’ve been accessing them with no issues for some time now, though my continued use of Adblock Plus and No Script may be the reason for my lack of suspicious activity).
My initial thought was that a random addon would be the cause of this alert, but upon clicking the “Why was this site blocked?” button, I was surprised to see the real answer
It seems that Firefox has now teamed up with, or at least incorporated, Google’s web-safety team which maintains an up-to-date database of potentially harmful websites. The brief bit of information provided on this screen alone spells out the basics of their operation. The first line of information that is interesting indicates that as Google has been crawling the site, it has detected 4 pages (out of 202) that tried to install (known?) malicious software on the users machine without, in any way, asking permission. It then continues to break down which software the site tried to install, where it was hosted and if the site had been propagating malware to other sites.
Since I have never encountered any issues with this site, and it was a relatively small percentage of the pages on the site which attempted to infect users, it would seem that a certain advertisement in a cycling group is the offender. Again, my blocking of scripts and ads may be why I’ve never encountered any issues, but that is irrelevant to the larger picture at hand. If, when presented with the initial warning page, you chose the option to “Ignore this warning” which they conveniently make hard to read and demeaningly worded, you are allowed to access the page… but not without one last reminder that you MIGHT be messing up, and if you get infected – it’s not their fault.
I can appreciate the intent behind what Firefox and Google are doing here, in fact, I find the information Google can collect about websites while crawling them to be fascinating! However.. I’m not very fond of the fact that they implemented and activated this feature by default with no input from or notification to the user. Also, when looking at the behavior at hand, one can’t help but begin to question what kind of activity may be going on behind the scenes between Firefox and Google. It would seem that Firefox would have to scan the URL of each site we access and compare it against Google’s database of known dangerous sites to determine that the site has potential to be an “Attack Site.” I’m sure we would all like to think that this is done anonymously, and that Google isn’t tracking our browsing habits to enhance their inline advertising or for some other purpose, but it is a hard pill to swallow that this is, in fact, the case.
If you consider yourself to be a relatively safe web surfer who has no fear of internet dangers (or if you are paranoid about data mining) they do allow it to be easily disabled. From the Tools menu, select “Options” and on the “Security” tab, uncheck the box labeled “Tell me if the site I’m visiting is a suspected attack site.”
In the future, let’s hope Firefox will present changes like this is a more noticeable fashion, presenting a popup alert the fist time Firefox is loaded after the setting is enabled; or, better yet, allowing us to chose for ourselves whether we feel the need to have our hands held as we traverse the internet.
