PhishTank

PhishTank
Type Offshoot of OpenDNS
Industry Computer
Founded 2006
Headquarters San Francisco, California
Key people David Ulevitch (Founder & CEO)
Employees 10
Parent OpenDNS
Website www.phishtank.com

PhishTank is an anti-phishing site.

PhishTank was launched in October 2006 by entrepreneur David Ulevitch as an offshoot of OpenDNS. The company offers a community-based phish verification system where users submit suspected phishes and other users "vote" if it is a phish or not.

PhishTank is used by Opera,[1] WOT,[2] Yahoo Mail, Mcafee, APWG, CMU, ST Benard, Mozilla, Kaspersky, Firetrust, Officer Blue, Finra, Message Level, SURBL, Career Builder, Site Truth, Avira[3] and by PhishTank SiteChecker.[4][5] The Mac OS X password management utility 1Password can enable PhishTank in any Mac browser supported by 1Password (currently Safari, Camino, Firefox, OmniWeb, DEVONagent, NetNewsWire, WebKit and Fluid).

PhishTank data is provided gratis for download or for access via an API call but only under an extremely limited, restrictive license as described below.

PhishTank definition of "Open"

Scare quotes are used above to indicate that although the data on the PhishTank web site and delivered through its API may be available free of charge under certain specific conditions, PhishTank's employment of the term "open" in marketing materials, releases, and past marketing postings and in documents on its web site may differ significantly from the term's conventional usage within free/libre/open-source software, as may the characterization of the site's and API's content as "community data"; see the distinction between gratis versus libre.

Regarding the rights of the public to use PhishTank's data, as of 2011 the site's terms of use agreement states the following:

You agree that the Site and Service contains Content specifically provided by OpenDNS or its partners and that such Content is protected by copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. Except as expressly authorized by OpenDNS in writing, you agree not to sell, license, rent, modify, distribute, copy, reproduce, transmit, publicly display, publicly perform, publish, adapt, edit or create derivative works from such Content. However, OpenDNS hereby grants you a limited, revocable, non-sublicensable license to reproduce and display the Content (excluding any software code) solely for your personal and non-commercial use as expressly authorized under these Terms of Use; provided, that you retain all copyright and other proprietary notices contained therein. Reproducing, copying or distributing any Content, materials or design elements on the Site for any other purpose is strictly prohibited without the express prior written permission of OpenDNS.
OpenDNS has no obligation to monitor the Site, Service, or Content. Use of the Content for any purpose not expressly permitted in these Terms of Use is prohibited. Any rights not expressly granted herein are reserved.
PhishTank Terms of Use, March 2011[6]

The text of the terms of use agreement itself is licensed under a Creative Commons license which unfortunately may confuse some readers into thinking that the data delivered by the site is released under the Creative Commons, which is not the case at all as the restrictive conditions laid out in the passage above differ radically from the broadly permissive conditions provided by Creative Commons licenses.

In 2006, on a blog that had posted an article describing PhishTank, David Ulevitch stated in a comment that the terms under which data was submitted to PhishTank were,

You grant to OpenDNS, its affiliates and their assignees the perpetual, irrevocable, non-exclusive, royalty-free right to use, reproduce, display, perform, adapt, modify, distribute, make derivative works of and otherwise exploit such Content in any form and for any purpose, including without limitation, any concepts, ideas or know-how embodied therein;
Comment on Webby's World blog post "PhishTank", October 2006[7]

Despite the fact that this quoted contractual passage actually grants Mr. Ulevitch and his own company rights to use the content rather than anyone else Mr. Ulevitch characterized the above condition as one that is "very open and let’s [sic] anyone use it for any reason, commercial or non-commercial".[7] Clearly, such a policy is not reflected in the 2011 terms of use which grants only to individuals with PhishTank accounts a limited license "solely for your personal and non-commercial use", specifying restrictions to that use such as mandatory inclusion of a variety of notices and requiring "express prior written permission" for any other reproduction, copying, or distribution.

However, outside of contractual agreements with the user, as of March 2011 the PhishTank site's FAQ page contradictorily states,

Is it OK to use the API for both commercial and non-commercial uses?
Yes.
PhishTank Frequently Asked Questions, March 2011[8]

References

  1. ^ PhishTank Blog » Blog Archive » Welcome Opera Community!
  2. ^ PhishTank Blog » Blog Archive » WOT uses PhishTank data
  3. ^ Friends of Phishtank
  4. ^ PhishTank Blog » Blog Archive » SiteChecker brings PhishTank into Firefox
  5. ^ PhishTank SiteChecker
  6. ^ "PhishTank Terms of Use". OpenDNS, LLC. Archived from the original on 2011-03-10. http://www.webcitation.org/query?url=http%3A%2F%2Fwww.phishtank.com%2Fterms.php&date=2011-03-10. Retrieved 2011-03-10. 
  7. ^ a b Ulevitch, David (2006-10-06). "Comment 22835 on the post "PhishTank"". Webby's World. Archived from the original on 2011-03-10. http://www.webcitation.org/query?url=http%3A%2F%2Fjoeanderson.co.uk%2Fblog%2F2006%2F10%2F03%2Fphishtank%2F&date=2011-03-10. Retrieved 2011-03-10. 
  8. ^ "PhishTank Frequently Asked Questions". OpenDNS, LLC. Archived from the original on 2011-03-10. http://www.webcitation.org/query?url=http%3A%2F%2Fwww.phishtank.com%2Ffaq.php&date=2011-03-10. Retrieved 2011-03-10.