Date: 2024-03-15



Google has enhanced its Safe Browsing service to provide real-time protection from dangerous websites on Chrome for desktop, iOS, and soon for Android, without sending your browsing history data to the advertising industry.

Safe Browsing is a free Google API for non-commercial use that lets client applications check websites against a database of known risks. It is available in two flavors: Standard and Enhanced.

Previously, the Standard version relied on a locally stored list of suspicious sites, so its coverage was only as current as the last time the list was updated.

The Enhanced version uses real-time URL lookups and machine learning to provide broader protection, but it also sends information to Google, which the tech giant claims it will use “for security purposes only.”

Going forward, the standard version of Safe Browsing will support real-time data lookups, but your browsing history data will not be sent to Google. Thanks to privacy regulations in Europe and elsewhere, privacy protection protocols are now a key element.

Jasika Bawa and Xinghui Lu of Google Chrome Security and Jonathan Li and Alex Wozniak of Google Safe Browsing explain in a blog post that the locally stored list of suspicious sites is updated every 30 to 60 minutes using hash-based checks, but that this is no longer enough.

“Dangerous sites are now adapting, with the majority having a lifespan of less than 10 minutes, which means that many sites will take longer to update their locally stored list of known risky sites. They can slip through the cracks and cause harm if users happen to access them.” “We encourage you to take advantage of this opportunity,” they say.

Additionally, the Googlers observe that the size of the local lists and the need to maintain connectivity for updates can be a challenge for devices with resource constraints or intermittent network access.

That's why, later this month, Google is adding real-time privacy protections to the Standard tier of Safe Browsing in Chrome on desktop, iOS, and Android. This requires technical enhancements, such as asynchronous mechanisms that keep network calls from blocking page loads and degrading the user's experience.

The system first checks local cache files to see if the URL of the website you are visiting is known to be safe. If it is not found, a real-time check is performed. Chrome then creates a 32-byte hash of the URL, which is split into 4-byte hash prefixes. These are encrypted and sent to an Oblivious HTTP (OHTTP) privacy server operated by Fastly (yes, sent to Fastly as a hash), which removes any potential user identifiers and forwards the cleaned data to the Google Safe Browsing server. This arrangement denies Google data that could be used to link browsing behavior with site checks.

The Safe Browsing server then returns the hashes from its database of unsafe sites that match, and Chrome optionally displays a warning to the user.

“Ultimately, Safe Browsing recognizes hash prefixes in URLs, but not IP addresses. Privacy servers recognize IP addresses, but not hash prefixes,” Bawa, Lu, Li, and Wozniak explain. “No one party has access to both your identity and your hash prefix, so your browsing activity remains private.”
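The lookup flow and the split of knowledge between the two servers, modeled as an added example (not code from Google, Chrome, or the article). It assumes SHA-256 as the 32-byte hash, hashes a single URL string, leaves out the OHTTP encryption, and has the client make the final full-hash comparison; all class, function, and sample names are hypothetical.

```python
import hashlib

PREFIX_LEN = 4  # bytes per hash prefix, as in the article

def full_hash(url: str) -> bytes:
    # 32-byte hash of one URL string; SHA-256 is an assumption of this example.
    return hashlib.sha256(url.encode("utf-8")).digest()

class LookupServer:
    """Stand-in for the Safe Browsing server: sees prefixes, never an IP."""
    def __init__(self, unsafe_hashes):
        self.unsafe = set(unsafe_hashes)
        self.observed = []            # everything this party gets to see

    def lookup(self, prefixes):
        self.observed.append(list(prefixes))
        wanted = set(prefixes)
        return {h for h in self.unsafe if h[:PREFIX_LEN] in wanted}

class Relay:
    """Stand-in for the privacy server: sees the IP, drops it, forwards."""
    def __init__(self, server):
        self.server = server
        self.observed = []

    def forward(self, client_ip, payload):
        # Real OHTTP encrypts payload to the server's key; omitted here.
        self.observed.append(client_ip)
        return self.server.lookup(payload)   # no client identifier passed on

def check_url(url, client_ip, relay, local_safe_cache=frozenset()):
    """Return True when a warning should be shown for url."""
    if url in local_safe_cache:      # known safe locally: no network lookup
        return False
    h = full_hash(url)
    candidates = relay.forward(client_ip, [h[:PREFIX_LEN]])
    return h in candidates           # full-hash comparison stays on the client

# Constructed sample data, not real indicators.
BAD = "phish.example/login"
BENIGN = "shop.example/cart"
# Database entry sharing only BENIGN's 4-byte prefix (a prefix collision).
COLLIDER = full_hash(BENIGN)[:PREFIX_LEN] + bytes(28)

if __name__ == "__main__":
    relay = Relay(LookupServer({full_hash(BAD), COLLIDER}))
    for u in (BAD, BENIGN):
        print(u, "->", "warn" if check_url(u, "198.51.100.7", relay) else "ok")
    print("relay saw:", relay.observed, "| server saw:", relay.server.observed)
```

The prefix collision shows why a 4-byte match alone is not a verdict: the server returns a candidate, but the benign URL's full hash differs, so no warning is raised.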

Google also says that, besides pointing out compromised passwords, Password Checkup on iOS will flag weak or reused passwords.

