
Why does Sophos send every URL I visited to 4.sophosxl.net?

Hi, I've recently received a Mac laptop for work; it runs Sophos Endpoint. I've connected it through a proxy and found it has posted every single URL I visited to https://4.sophosxl.net/lookup. Why is this? It seems like a huge privacy issue. Thanks.



This thread was automatically locked due to age.
  • Hello Bob Johnson3,

    this is part of Sophos' Live Protection, specifically Download Reputation and Malicious Traffic Detection.
    If you think it's a huge privacy issue you can disable these features.

    Christian

  • Thanks for your answer Christian.

    I do think it's a huge privacy issue, especially in today's privacy landscape; many people (myself included) will feel very uncomfortable having all their browser history sent to a third-party server. Turning off these features will defeat the point of having security software installed. Perhaps a more privacy-friendly solution would be to have the protection database downloaded locally, continuously updated, and have the checks made against the local database instead.

  • Hello Bob Johnson3,

    "having all their browser history sent to a third party server"
    understandable concern, especially as this reveals complete URLs and not "just" the sites.

    "have the protection database downloaded locally"
    keep in mind that the database isn't small. We're likely not talking about a few dozen MB here. The important part though is Live - malicious URLs are often short-lived, it doesn't make sense to distribute updates only, say, twice a day or even every few hours. OTOH to immediately distribute the updates to all users is simply not economical - diminishing marginal utility (and, BTW, Download Reputation currently doesn't work with Firefox)

    "privacy"
    questions are: what is sent, what is kept, for how long? Could a third party get access to the data? Is it indeed sufficient to collect your browsing history?

    I'm not trying to downplay the SXL lookups but when it comes to privacy there exist other mechanisms - that are neither communicated nor easily evaded, if at all - to profile you (and not necessarily well-intentioned).

    Christian
