Skip links

Google gooses Safe Browsing with real-time protection that doesn’t leak to ad giant

Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz.

Safe Browsing is a non-commercial Google API that allows client applications to lookup websites in a database to see whether they pose a known risk. It is available in two flavors, Standard and Enhanced.

To date, the Standard version has operated from a locally stored list of suspect sites, which limits the comprehensiveness of the data to whenever the list was last updated.

The Enhanced version has offered more extensive protection using real-time URL lookups and machine learning, though it sends information to Google – which the tech titan says “is only used for security purposes.”

Henceforth, the Standard version of Safe Browsing will support real-time data lookup, but without sending browsing history data back to Google. Thanks to privacy rules in Europe and elsewhere, privacy-preserving protocols are now table stakes.

In a blog post, Jasika Bawa, Google Chrome Security, Xinghui Lu, Google Chrome Security, Jonathan Li, Google Safe Browsing, and Alex Wozniak, Google Safe Browsing, explain that the locally stored list of suspect sites gets updated every 30 to 60 minutes using hash-based checks, but that’s no longer adequate.

“Unsafe sites have adapted – today, the majority of them exist for less than 10 minutes, meaning that by the time the locally stored list of known unsafe sites is updated, many have slipped through and had the chance to do damage if users happened to visit them during this window of opportunity,” they say.

What’s more, the Googlers observe, the size of the local list and the need to maintain connectivity for updates can present a challenge for devices that are resource constrained or have intermittent network access.

So in Chrome for desktop and iOS, and Android later this month, the Standard tier of Safe Browsing is getting privacy-preserving, real-time protection. This requires some technical enhancement like the implementation of an asynchronous mechanism to prevent network calls from blocking page loads and degrading the user experience.

The system works by first looking in a local cache file to see if the website URL to be visited is known to be safe. If not found, a real-time check is made. Chrome then creates a 32-byte hash of the URL that then gets chopped into 4-byte hash prefixes. These get encrypted and sent to an Oblivious HTTP (OHTTP) privacy server operated by Fastly (yes, it goes to Fastly as a hash) that removes any potential user identifiers and forwards the cleaned result to the Google Safe Browsing server. This arrangement denies Google data that could be used to correlate browsing behavior with site checks.

The Safe Browsing server then returns hashes that match its database of unsafe site hashes and shows a warning to the Chrome user if necessary.

“Ultimately, Safe Browsing sees the hash prefixes of your URL but not your IP address, and the privacy server sees your IP address but not the hash prefixes,” explain Bawa, Lu, Li, and Wozniak. “No single party has access to both your identity and the hash prefixes. As such, your browsing activity remains private.”

In addition, Google says that Password Checkup on iOS will now flag weak and reused passwords in addition to pointing out compromised passwords. ®