<html><body><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;">"And no, You are also wrong: Opera does not upload your visited URL's to a third party server."</div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;">If opera (like chrome, edge or firefox) check the URL to see if it is "dangerous" (a phishing URL etc) then that is logged on their end, when it checks the database to see if the link has been flagged.</div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;">This is the price that people pay for "free" browsers.</div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="">Google protects you from "phishing websites", whilst archiving your website access, and then sells that as marketing data to who ever will buy it.</div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"> </div> <blockquote id="replyBlockquote" webmail="1" style="color: black; font-family: verdana; font-size: 10pt; border-left: 2px solid blue; margin-left: 8px; padding-left: 8px;"> <div id="wmQuoteWrapper"> -------- Original Message -------- Subject: Re: [anti-abuse-wg] Google Privacy Abuse From: ac <<a href="mailto:ac@main.me">ac@main.me</a>> Date: Thu, March 14, 2019 8:16 pm To: <a href="mailto:anti-abuse-wg@ripe.net">anti-abuse-wg@ripe.net</a> Hi Esa, No, you are wrong... the URL's are not available to anyone. What is available to the ISP is the domain name lookup. (this is also available to the DNS servers, etc - just the domain name) And no, You are also wrong: Opera does not upload your visited URL's to a third party server. Up to now, nobody has even tried this as it is abuse / abusive HTTPS URL's, themselves frequently contain personal data and other sensitive info, as the URL itself is supposes to be part of the encrypted session. And, this is the whole point of all of this. If Google starts saving all URL's and link that with the local cache (because they control the local software), the effect will be an increase in speed (as the media does not have to come over the encrypted session) This will probably eventually FORCE Opera/Firefox/insert name here - to also operate in this fashion, as users will want the speed - and they will not know that it is less secure / less private, etc. This is a major issue and not a small issue, it will eventually affect all of us. for example, one of my bank URL at login is: <a href="https://nameofbank.com/login">https://nameofbank.com/login</a> then, later in the session: <a href="https://nameofbank.com/?id=x&transfer=1">https://nameofbank.com/?id=x&transfer=1</a> etc etc This, right now, is not an issue as the URL itself is encrypted it is a major invasion of privacy that a third party vendor, supplying "free" software is also now recording url's which gives them two advantages over the ethical software providers. Not only that but that their "innovation" of breaking the HTTPS protocol, may force other vendors to go down the same path as the "consumers" are too lazy or uninformed to understand what it happening. If society does nothing about this case of a multinational leveraging people against people's bad behavior (or poor choices - as Ronald said: use a different browser) this will eventually affect us all. On Thu, 14 Mar 2019 09:53:47 +0100 Esa Laitinen <<a href="mailto:esa@laitinen.org">esa@laitinen.org</a>> wrote: > On Thu, Mar 14, 2019 at 6:05 AM ac <<a href="mailto:ac@main.me">ac@main.me</a>> wrote: > > > HTTPS protocol, by design, is secure and private. > > > > The average consumer expects this to be true. > > > > Google had to actually go and change, in an "under cover" way, the > > entire way and method that HTTPS works. This "change" is being sold > > as a "good thing" to poor people and/or people with low bandwidth > > and that Google is doing a "good thing" by making this change. > > > > Dear Andre > > The URLs you're accessing are also available for > > - your ISP > - your VPN provider (unless you've rolled your own) > and some information is also potentially stored by > - your DNS provider > > And Opera browser has been doing similar things when you've enabled > the bandwidth savings. > > or am I missing something? > > OK. I'm ignoring here that this particular thingi is using MITM > methods to do the optimization, which is for me a bit more worrying > than google having access to the URLs I browse. They have them mostly > anyway. > > But, it is a choice a user makes, it is not forced upon them. > > > Yours, > > esa > > > </div> </blockquote></body></html>