On Thu, Aug 29, 2019 at 8:23 PM Kirk Hall via dev-security-policy < [email protected]> wrote:
> On Thursday, August 29, 2019 at 5:07:03 PM UTC-7, Ryan Sleevi wrote: > > On Thu, Aug 29, 2019 at 6:26 PM Kirk Hall via dev-security-policy < > > [email protected]> wrote: > > > > > > Could you point to the browsing phishing filters and anti-phishing > > > services > > > > that do? It might be an opportunity for you to find out how they deal > > > with > > > > this, and report back, so we don't have to presume anything. > > > > > > Let's hear directly from the experts - can you get someone from Google > > > Safe Browsing to post to this list, and then we can all ask him or her > our > > > questions and get the definitive answers. Thanks. > > > > > > I think it’s a great idea to hear from the experts! > > > > So far, it’s hard to tell who they are, because you haven’t been able to > > provide any details about who does what you describe. It sounded > initially > > like a hypothetical, but now that you’ve stated it’s factual, perhaps you > > could provide sources? And then ask folks at those organizations and > report > > back? It seems that you’re passionate about this, and I can’t think of > > anyone better suited to demonstrate whether or not this actually happens > > than someone as passionate for the truth as you. I’m sure you’ll be able > to > > find out whether or not the world works like you described and report > back > > to us all. > > > > Look forward to hearing more about who actually does this, and how they > > solve the very obvious security risks. I’m assuming that if we don’t hear > > back, it might mean no one actually does this, or that perhaps no one has > > solved this obvious security issues. > > Uh... Ryan... some of the experts work down the hall from you. Google > Safe Browsing. This was the question I posed to you: > > "Can you get someone from Google Safe Browsing to post to this list, and > then we can all ask him or her our questions and get the definitive > answers." > > What is your response? > Oh, I thought I made it clear, I'm posting in a personal capacity. As you're the one making the claim, I was hoping you might demonstrate whether there's any truth. I certainly wouldn't want to bother anyone just because someone on the Internet said something. I'm sure no one would get any work done if they had to respond to everyone who had a half-baked idea about how things might work. Of course, that also wouldn't help answer the question I asked of you, in the context of what you claimed: "Could you point to the browsing phishing filters and anti-phishing services that do? It might be an opportunity for you to find out how they deal with this, and report back, so we don't have to presume anything." What is your response? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
