Explain risks of disabling SafeBrowsing #3

Open
garrettr opened this issue Jun 25, 2015 · 1 comment

@garrettr

I understand why people might want to disable SafeBrowsing, but it's worth noting that the service was designed with privacy in mind and does a fairly good job given the numerous constraints it works under. In addition, it provides a significant level of protection for most web users against phishing and malware, which can be much more harmful for security and privacy in the long run.

At the very least, you should explain why you recommend this, as well as the trade-offs. In my opinion it is a really bad idea for most users.


Here's a longer explanation (original on HN):

Please for the love of god do not disable the Google SafeBrowsing preferences. SafeBrowsing protects you from a lot of malicious websites, and does not leak much information to Google. For most people the security benefits of SafeBrowsing far outweigh the privacy concerns.

It is important to remember that malicious websites and malware in general may negatively impact your security and privacy in extremely harmful ways (malware compromises PII, website credentials, financial information, uses webcam and microphone to photograph/film/record you for blackmail/revenge porn purposes, ...).

For context, please see these relevant Mozilla bugs about SafeBrowsing privacy concerns: [0], [1]. tl;dr Firefox must set a cookie for SafeBrowsing, but it uses a separate cookie jar for SafeBrowsing so Google cannot tie the Safebrowsing activity to anything else you do related to Google or their services (which is the biggest concern here). They can learn a limited profile of your browsing activity, along the lines of "Random user x often uses their browser between 9am and 5pm on M-F".

The Safebrowsing implementation is specifically designed to be privacy-preserving. [2] It uses a Bloom filter to implement fast lookups in a minimally sized hash table of known malicious URLs. The only time a full URL (actually various hashes of multiple prefixes of the full URL, including the full URL) that you browse is sent to Google is when a prefix of it collides with a known malicious URL, in which case the URL must be sent to Google to resolve the question of whether the URL you are trying to visit is actually malicious or just a false positive from the Bloom Filter. Yes, the hashes are unsalted so it would be possible for Google to check if you were trying to visit some pre-determined URL ("were they trying to visit www.thoughtcrime.org?") but only if it collided with a known malicious URL.

It would be helpful to know what the average rates of collisions and false positives are to get a sense of how much of an average user's browsing history is leaked to Google through Safe Browsing - can anybody from Google comment?
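The local-check-first flow described in the post above, as an added sketch that is not part of the original post or of Firefox's code: it assumes the local list is a plain set of 4-byte SHA-256 prefixes, uses much-reduced URL canonicalization, and all names and sample URLs are constructed for illustration. It reports which URLs would cause any request to the server, which is the leakage rate the post asks about.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of SHA-256 kept in the local list (assumption of this sketch)

def expressions(url):
    """Host-suffix/path-prefix combinations checked for one URL (simplified)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    labels = host.split(".")
    n = len(labels)
    # Exact host, then suffixes of the last five labels down to two labels.
    hosts = [host] + [".".join(labels[i:]) for i in range(max(1, n - 5), n - 1)]
    # Exact path with query, exact path, then up to four directory prefixes.
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    segs = [s for s in path.split("/") if s]
    dirs = segs if path.endswith("/") else segs[:-1]
    cur = "/"
    prefixes = [cur]
    for d in dirs[:3]:
        cur += d + "/"
        prefixes.append(cur)
    paths += [p for p in prefixes if p not in paths]
    return [h + p for h in hosts for p in paths]

def prefix(expr):
    """Truncated, unsalted SHA-256 of one expression."""
    return hashlib.sha256(expr.encode()).digest()[:PREFIX_LEN]

def local_hits(url, local_prefixes):
    """Expressions whose prefix is in the local list; empty means no request is made."""
    return [e for e in expressions(url) if prefix(e) in local_prefixes]

def lookup_rate(urls, local_prefixes):
    """Fraction of visited URLs that would cause any request to the server."""
    return sum(1 for u in urls if local_hits(u, local_prefixes)) / len(urls)

# Constructed sample data: one listed expression and a short browsing history.
LOCAL = {prefix("evil.example/malware/")}
HISTORY = [
    "https://www.thoughtcrime.org/blog/",
    "https://news.example.org/2015/06/story.html?id=7",
    "http://cdn.evil.example/malware/payload.exe",
]

if __name__ == "__main__":
    for u in HISTORY:
        print(u, "->", local_hits(u, LOCAL) or "no request")
    print("lookup rate:", lookup_rate(HISTORY, LOCAL))
```

Running `lookup_rate` over a real history export against a real prefix list would give the per-user figure the post asks for; the sample data here only exercises the logic.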

@Atavic

Atavic commented Feb 11, 2017

Google Safe Browsing blocks malicious sites, like the ones you see greyed-out in a Google search. While protecting your browser, it monitors all the pages you visit.

Regarding the privacy issues, there are 3 steps involved here:

  • using Safe Browsing while being logged in to a Google Account.
  • using Safe Browsing in a private browser session.
  • not using Safe Browsing at all.

While you're logged into a Google Account, the pages you browse are openly related to your personal account. With no cookies and no history enabled, the privacy policy clearly tells what's stored in the server logs; also, Chrome Browser has an embedded UUID.
These logs and the info obtained through stored cookies are shared between both Google affiliates (1) and Alphabet Subsidiaries (2).

https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Alphabet
https://en.wikipedia.org/wiki/Alphabet_Inc.
