Google Safe Browsing is a service through which Google provides lists of URLs (addresses) of websites that contain malware or phishing content.

These lists of suspicious sites are continually updated by Google’s web crawlers, programs that crawl the web to index sites for the Google search engine.

Google’s Safe Browsing service lists are used by browsers such as Google Chrome, Mozilla Firefox, and Apple Safari to check the web pages users try to access against potential threats.

The service issues alerts when users are about to open websites or content that Google has classified as malicious. Warnings are displayed as “visual messages” along with specific details related to the malicious content in question.

The service is also designed to block the download of malware-infected files, and once a user’s computer has been infected, it can provide instructions on how to detect and remove the malware.

Lists of unsafe sites can also be accessed by members of the public through a public API for the service. [An API, or application program interface, is a set of instructions that specifies the functions or routines required to accomplish a specific task, such as reading a particular list of websites.]

In addition, Google uses its Safe Browsing service to send email alerts to Internet service providers about threats hosted on their networks.

More than a billion Internet users currently use the Safe Browsing service, either directly or indirectly and, according to Google, it issues three million notices a week.

The service is recognized to be highly efficient in protecting users against malware and phishing attacks.

Privacy issues with Google’s Safe Browsing service

Members of the public who are concerned about their privacy should be careful when using Google’s public API (the Safe Browsing Search API) to check a suspicious web page. The URLs (addresses) to be checked are sent unhashed (unencrypted), so the Google server knows which URLs were looked up using this API. This makes tracking your online activities a breeze.

However, the Firefox and Safari browsers use a second version of the API, Safe Browsing API v2, to exchange data with the server. This uses encoded URLs so that the Google server never knows the actual URLs queried by the user.
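
The difference between the two lookups described above, as an added example (not code from the original article or from Google). It is a simplified sketch of a hash-prefix check in which the “encoded URLs” are 4-byte SHA-256 prefixes; the function names and the local list are constructed for illustration, and full URL canonicalization (percent-escapes, IP-address hosts) is left out.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of each SHA-256 digest held in the browser's local list

def expressions(url):
    """Host-suffix/path-prefix combinations checked for one URL (simplified)."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    labels = host.split(".")
    hosts = [host]
    # Up to four more hosts from the last five labels, never the bare TLD.
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        hosts.append(".".join(labels[i:]))
    path = u.path or "/"
    paths = [path + "?" + u.query] if u.query else []
    paths.append(path)
    # Root plus up to three parent directories of the exact path.
    prefix = "/"
    paths.append(prefix)
    for seg in [s for s in path.split("/") if s][:-1][:3]:
        prefix += seg + "/"
        paths.append(prefix)
    combos = [h + p for h in hosts for p in paths]
    return list(dict.fromkeys(combos))  # drop duplicates, keep order

def prefix_of(expression):
    return hashlib.sha256(expression.encode("utf-8")).digest()[:PREFIX_LEN]

def sent_in_plain_lookup(url):
    """Plain lookup: the request carries the full URL."""
    return url

def sent_in_hashed_lookup(url, local_prefixes):
    """Hashed lookup: only prefixes that match the local list leave the machine."""
    return [prefix_of(e) for e in expressions(url) if prefix_of(e) in local_prefixes]

# Constructed sample data, not real blocklist entries.
LOCAL_PREFIXES = {prefix_of("malware.example/download/")}

if __name__ == "__main__":
    for url in ("http://a.malware.example/download/file.exe?x=1",
                "https://www.example.org/docs/index.html"):
        print(url, "->", [p.hex() for p in sent_in_hashed_lookup(url, LOCAL_PREFIXES)])
```

For a URL with no match in the local list, the hashed lookup sends nothing at all, whereas the plain lookup sends the full URL every time.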

However, the Safe Browsing API also stores a cookie on the user’s computer that the NSA (US National Security Agency) uses to identify individual computers. This is a mandatory requirement that many users find acceptable, as it helps them feel secure.

In addition, Google stores another cookie on the user’s computer that can be used to identify the IP addresses that the user visits, that is, it can be used to track the user.

Google’s excuse is that the tracking cookie records this data to prevent DDoS (distributed denial-of-service) attacks. That may be so.

The API in the user’s browser (e.g., Chrome) will ‘call home’ every few hours to check for updates to its list of malicious sites. At the same time, it sends a payload that includes the machine ID and the user ID.

Should I turn off Google’s Safe Browsing service?

Even if you trust that Google will not use your information without your permission or for some nefarious purpose, there is a potential risk that a malicious third party will pick it up when it is relayed over the Internet to Google from your browser.

The only way to prevent this is to disable the Safe Browsing feature in your browser, which is enabled by default.

This is a real bummer as you would be disabling a great service.

But that’s what you have to do if you don’t want to be tracked.

When deciding whether or not to disable Safe Browsing, you should keep in mind that even if the information being tracked is not hacked, it is still available for access under a court order or at the request of the US NSA.

The good news from Google is that Google only retains the data for two weeks and then deletes it.

Not so, say some researchers, who believe that after two weeks the data is anonymized, meaning names and other identifying characteristics are removed, and is then stored in aggregated form.

If this is true, having just the user’s IP address, cookie, and timestamp would be enough information to identify someone in connection with something they may have done years before.

So if you use Chrome or Firefox, remember to behave yourself!
