For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world. As attackers grow more sophisticated, we’ve seen the need for protections that can adapt as quickly as the threats they defend against. That’s why we’re excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome.
↫ Jasika Bawa, Xinghui Lu, Jonathan Li, and Alex Wozniak on the Google blog
Reading through the description of how this new feature works, it does indeed seem to respect one’s privacy, but there could be so many devils in so many details here that you’d really need to be a specialist in these matters to truly gauge if Google isn’t getting its hands on the URLs you visit through this feature.
But even if all that is true, it doesn’t really matter because Google has tons of other ways to collect more than enough data on you to build an exact profile of who you are, and what advertisements will work well on you. Any time Google goes out of its way to announce it’s not collecting some type of data – like here, the URLs you type into the Chrome URL bar – it’s not because they care so much about your privacy, but because they simply don’t need this data to begin with.
Thom Holwerda,
This uses both a whitelist and a blacklist. I don’t know what criteria google uses to populate either list, but it’s not relevant to whether the mechanism itself leaks data. “Safe” sites that are in the whitelist will come up faster than “safe” sites that aren’t in the whitelist. Arguably this could be used to give google sites an unfair performance boost over non google sites. But in terms of privacy, the whitelist leaks nothing.
They’ve taken certain steps to mitigate leaking via the blacklist queries:
1. The urls are all hashed and the hashes are truncated to 32bit. This is not enough to statistically identify a page by itself, however the paper leads me to believe that the algorithm doesn’t just perform a single query per url, but uses the following algorithm to generate several hashed queries per url.
https://developers.google.com/safe-browsing/v4/urls-hashing
If this is so, then the amount of information leaked is actually somewhat higher than a single 32bit hash would.
The google paper did not cover this threat model, but IMHO it should have.
2. if a browsing session contains a long sequence of such hashes over time, then collectively they might significantly whittle down the set of possible candidates. Enough queries might correlate the session to a set of related urls.
3. The 32bit url hash queries are sent through an intermediary party to strip off user metadata and provide anonymity. Furthermore chrome encrypts the hashes so that this intermediary party doesn’t know which hashes are being queried, only google. This can be considered private at face value. But it does assume that neither the 3rd party nor google are working in cahoots with each other or with government agencies, which obviously breaks the model. As such there’s a degree of trust in play.
4. Given that google controls chrome, clearly they could configure chrome to bypass the 3rd party if they wanted to. Or even more devious would be to use the encrypted “safe browsing” channel as a secret channel for leaking information right through the oblivious 3rd party. Not saying they actually do this but just pointing out how we have to trust that chrome’s implementation is actually faithful to the published spec and doesn’t take liberty in introducing hidden “features”.
5. Assuming the NSA somehow got the privacy key to decrypt chrome’s hash requests, then theoretically the safe browsing hash queries might aid the NSA to identify urls in otherwise fully encrypted TLS traffic. With a wiretap they’d know the server and hostname the TLS traffic is connected to, so the 32bit url hashes along with other metadata would likely prove extremely valuable for their signals intelligence operations.
If you believe the governments have access to the safe browsing hash decryption key, then safe browsing could be an additional risk for those who are being tracked by covert government entities.
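The suffix/prefix expansion documented at the link in the comment above, as an added example (not part of the comment and not Google's code). It assumes the URL is already canonicalized and that the v4 expansion applies, as the commenter supposes; the function names are illustrative.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

def host_suffixes(host):
    """Exact host plus up to four suffixes taken from the last five labels."""
    try:
        ipaddress.ip_address(host)
        return [host]                      # IP literals are never shortened
    except ValueError:
        pass
    parts = host.split(".")
    out = [host]
    start = max(len(parts) - 5, 1)
    for i in range(start, len(parts) - 1):  # stop before the bare TLD
        out.append(".".join(parts[i:]))
    return out

def path_prefixes(path, query):
    """Path with query, path alone, then '/' and up to three directory prefixes."""
    out = [path + "?" + query] if query else []
    out.append(path)
    prefix, candidates = "/", ["/"]
    for comp in path.split("/")[1:-1][:3]:
        prefix += comp + "/"
        candidates.append(prefix)
    for cand in candidates:
        if cand not in out:
            out.append(cand)
    return out

def expressions(url):
    """Every host-suffix/path-prefix expression a single URL expands to."""
    u = urlsplit(url)
    path = u.path or "/"
    return [h + p for h in host_suffixes(u.hostname)
            for p in path_prefixes(path, u.query)]

def prefix32(expression):
    """First 32 bits of SHA-256 over the expression, as hex."""
    return hashlib.sha256(expression.encode()).digest()[:4].hex()

def candidate_prefixes(url):
    """Map each expression to the 32-bit prefix that could be queried for it."""
    return {e: prefix32(e) for e in expressions(url)}

if __name__ == "__main__":
    # Constructed sample URL; one page visit expands to eight expressions.
    for expr, pfx in candidate_prefixes("http://a.b.c/1/2.html?param=1").items():
        print(pfx, expr)
```

Each URL yields up to 30 expressions (5 host suffixes times 6 path prefixes), so an observer who sees several prefixes from the same visit learns more than one 32-bit value.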
I don’t believe Google or any tech/ad company actually cares about privacy, at least not many. Privacy of people’s data from competitors and other people, yes absolutely. But, privacy for people to be truly anonymous? Hell…No… Any time you have to trust another entity will act in your best interests rather than their own or what can be forced upon them (by law), all you’ve got is a false sense of security and a pacifier stuck in your mouth.
I’ve said this many times… We have been living in a surveillance society. It’d be foolish to think it will do anything other than get worse for people’s privacy. At the end of the day, government doesn’t want you to be anonymous. Companies don’t want you to be anonymous. Even your neighbor doesn’t want you to be anonymous. What they do want is for you and all aspects of your life to be tracked & monitored every second you have life, and probably a portion of your death as well.
I’m not suggesting the fight for privacy isn’t worth it, I’m just stating it’s a fight that can’t be won. The only question is how easily people will submit; Willingly, or by force. If you’re going to lose a fight, are you okay being the only one with a black eye when it’s over?
friedchicken,
I agree.
Not quite sure what you meant by this.
Is the moral of that story that you shouldn’t even try? I have to disagree with you there. If you give up an inch here and there, over a lifetime this will really add up and you’ll have no ground left on which to live in freedom. I know your point is that we don’t have much freedom anyway….but it can get so much worse if we don’t take steps to protect the freedoms that we do have.
@Alfman
I wasn’t referring to neighbors wanting to track & monitor all aspects of your life, but rather that’s what companies and governments want. The more they know about you, the better they can tailor ways to manipulate you to produce whatever the desired result is, be it a purchase, adhering to certain beliefs, compliance, submission, and so on. The portion referencing death simply meant to imply that personal data points are so valuable a commodity they still hold value even in death, in relation to what you’ve left behind or as an effect on people who knew you.
No, the moral of the story isn’t to give up but just that it’s not a fight that can be won because of the vastness of powers working against you, and due to human nature itself.
Every individual has to make that decision. Mine is that no, I won’t willingly submit. Accepting that the fight can’t be won isn’t the same as laying down and accepting defeat. My personal opinion is that privacy and freedom are worth fighting for regardless of the outcome. They’re worth protecting as best we can in hopes of prolonging the benefits they provide.
A bit of a tangent, but something that came up in the news is that cars are “covertly” sending data to the manufacturers and it appears that they are selling the data to insurance companies who are bumping up insurance rates.
https://www.morningbrew.com/daily/stories/2024/03/12/cars-are-covertly-tattling-to-insurance-companies-about-your-bad-driving
https://www.cnn.com/videos/business/2024/03/13/car-insurance-premiums-technology-report-nyt-hill-intv-ctm-vpx.cnn
I’ve never seen any benefit of using this over just keeping updated malware lists in your adblocker.
No, nope and naah. I am sticking with links2. Once sites stop working in links2 I might reconsider. So far so good.
I use a 5 megabyte hosts file that I am willing to share if anyone needs it, that blocks just about every ad. To watch youtube or any other video I have a script that autolaunches mplayer2 in the same framebuffer, I can share that too if needed.
https://file.io/1AqEazaSc5Ju is the loadload, works fine on android, linux, windows and osx.
That was quick, deleted already..!