Flagfox 4.2.2 update released

The Flagfox 4.2.2 update released today has a couple minor but important things in it that I might as well mention here.

First and foremost, this update is required for all users of Firefox 18.0 and later as well as SeaMonkey 2.15 and later. The API I was using to check to make sure Flagfox didn’t do any DNS requests it wasn’t supposed to when behind certain proxies went away. I’ve switched to using the async API instead of the now removed sync one. This supports all older application versions currently supported so nobody should notice any change here. It might be possible that users with more complex proxy setups on their network might’ve been having some issues from using the sync API but I’ve never gotten any complaints about the performance here. I’m pretty sure these users were likely to be getting a message from Flagfox saying it couldn’t work behind the proxy as set up, anyway.

The other notable change in this update is a switch to HTTPS for the following default actions:

  • McAfee SiteAdvisor
  • SSL Checker
  • Google (search within current domain)

I’ll consider updating more actions to use encryption in the future as sites add support. As SPDY increases in adoption I’m hoping we’ll see many more sites served over HTTPS with SPDY, but for now pretty much only Google supports it.


5 thoughts on “Flagfox 4.2.2 update released

      • The McAfee SiteAdvisor action does have a virus check in it, but having a another virus scan action is a good suggestion. VirusTotal uses a separate API rather than passing a URL as a URL parameter, so it’s not compatible with Flagfox. URLvoid looks very good, however. I’ll consider adding it to a future version.

    • The problem with integrating additional lookups like this directly into Flagfox, meaning in its tooltip and/or icon or other notification, is that Flagfox would have to ask a remote server for the information for each site you visit. The lookups for flags are all done in a local database. Basically, having to look up remotely for every page you visit means that lookup server knows your entire browsing history (even if they actually do keep it private). I made a decision a while ago that this was not the sort of privacy trade off I would make default. Having it as a separate option might be ok, but Flagfox already has a WOT action that does a manual lookup. My opinion on the topic is largely that if you want automatic WOT lookups and more WOT features then you should just also use the WOT addon. It’s their service so they’ll maintain and improve it better than whatever partial support I could add.

      • Ok, I understand but for example making automatic lookups with Mcafee or Urlvoid (with a visual but discrete notification) for certain types of websites could be a good idea (can always be optional)
        Maybe you can filter those websites for example:
        .com .es …. sites excluded
        https excluded
        Exclude websites hosted in certain countries
        Exclude sites in the TOP 10000 sites with more traffic (I don’t know if this can be done with alexa o google rank…)

        Or also include rules
        Following this recommendation: https://office.microsoft.com/en-us/outlook-help/identify-fraudulent-e-mail-and-phishing-schemes-HA001140002.aspx
        Be aware of URLs that include the “@” sign
        Masked HTML links
        Maybe we can find out more analyzing links from here: -3w.malwaredomainlist.com/mdl.php-

        So you won’t do an automatic lookup for every single site, an only be done for some of them.
        Would be nice also to have a balloon message if the lookup report a dangerous site.

Comments are closed.