I saw it coming back when all the phishing URL databases were being built: Not only were all the databases going to compete, but there would be different access methods. We saw another stupid battle in that war today with the release of the Google Safe Browsing API.

This API is "an experimental API that allows client applications to check URLs against Google's constantly updated blacklists of suspected phishing and malware pages." I've already written about Google's malware research, which appears to have built part of the database behind this API. Firefox uses this API for its phish site detection.

I've also already written about PhishTank, the open and public phishing database from OpenDNS. It, too, has an API that performs the same basic purpose: to find out if a particular URL is dirty.

There are differences. The Google database was built with its heuristics and with user submissions, principally through Firefox, I guess. PhishTank has submissions and a voting system, where people can view the submission and vote for whether it is a phish or not.

PhishTank does not store any URLs you test. Google's privacy FAQ (section 8: "URLs and embedded information") indicates that it stores the URLs and uses them as it sees fit.

Of course, there are other phishing databases with their own access methods, like IE7.

I wish it was possible for there to be fewer such APIs and databases. Economies of scale should make these databases more effective and fragmentation makes them less effective.