Google announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list, all without sharing your browsing habits with Google.
Previously, Chrome downloaded a list of known sites that host malware, unwanted software, and phishing scams once or twice an hour. Now, Chrome will move to a system that sends the URLs you visit to its servers and checks a rapidly updated list there. The advantage of this is that it doesn’t take up to an hour to get an updated list because, as Google notes, the average malicious website doesn’t exist for more than 10 minutes.
The company claims this new server system can catch up to 25 percent more phishing attacks than using local lists. These local lists have also grown in size, putting more strain on low-end machines and low-bandwidth connections.
Google is rolling out this new system to desktop and iOS users now, with Android support coming later this month.
Share URLs privately
Now, if this all sounds a little familiar, then that’s probably because you’re already familiar with Safe Browsing’s Enhanced mode. This mode also compares the URL you’re visiting against a real-time list on the web, but it additionally uses artificial intelligence to block attacks that aren’t on any list, runs deeper file scans, and includes protection against malicious Chrome extensions. But Enhanced mode has always been optional, and will remain so (even though Google started to push people to activate it last year). Standard protection mode does not use these AI capabilities.
Google makes every effort to explain how this system can work in real time without sharing your browsing data with the company. Here’s how Google describes this process:
When you visit a website, Chromium first checks its cache to see if the site’s address (URL) is already known to be safe (see “Staying fast and reliable” for details).
If the URL you visited is not in the cache, it may not be secure, so a real-time check is necessary.
Chromium obfuscates the URL by following the URL hashing instructions to convert the URL into full 32-byte hashes.
Chromium truncates full hashes into 4-byte long hash prefixes.
Chromium encrypts the hash prefixes and sends them to a privacy server.
The privacy server removes potential user IDs and forwards the encrypted hash prefixes to the Safe Browsing server over a TLS connection that combines requests with many other Chromium users.
The Safe Browsing server decrypts the hash prefixes and matches them against the server-side database, returning a full hash of all non-secure URLs that match one of the hash prefixes sent by Chromium.
After getting the insecure full hashes, Chromium checks them against the full hashes of the URL you visited.
If a match is found, Chromium will display a warning.
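The hash-prefix exchange in the steps above, as an added example (not Google's or Chromium's code): it assumes SHA-256 as the 32-byte hash, uses a simplified host-suffix/path-prefix expansion without URL canonicalization, and leaves out the encryption and privacy-server hop. Function names and the sample blocklist are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes sent to the server, per the steps above

def expressions(url):
    """Simplified host-suffix + path-prefix expressions (no canonicalization)."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    segs = [s for s in parts.path.split("/") if s]
    paths = ["/"] + ["/" + "/".join(segs[:i]) + "/" for i in range(1, len(segs))]
    if segs:
        paths.append(parts.path)
    return [h + p for h in hosts for p in paths]

def full_hashes(url):
    """32-byte full hash (SHA-256 assumed) of every expression."""
    return {hashlib.sha256(e.encode()).digest() for e in expressions(url)}

def server_lookup(prefixes, blocklist):
    """Server side: sees only prefixes, returns every full hash sharing one."""
    return {h for h in blocklist if h[:PREFIX_LEN] in prefixes}

def check(url, blocklist):
    """Client side: returns (warn, prefixes_sent)."""
    mine = full_hashes(url)
    prefixes = {h[:PREFIX_LEN] for h in mine}
    returned = server_lookup(prefixes, blocklist)
    # A prefix hit alone is not a verdict; only a full 32-byte match warns.
    return bool(mine & returned), prefixes

# Constructed sample data: one listed expression, plus a decoy entry that shares
# a 4-byte prefix with a benign URL but differs in the remaining 28 bytes.
BAD = hashlib.sha256(b"phish.example/login/").digest()
DECOY = hashlib.sha256(b"shop.example/").digest()[:PREFIX_LEN] + bytes(28)
BLOCKLIST = {BAD, DECOY}

if __name__ == "__main__":
    for u in ("https://accounts.phish.example/login/reset.html",
              "https://shop.example/"):
        warn, sent = check(u, BLOCKLIST)
        print(u, "WARN" if warn else "ok", sorted(p.hex() for p in sent))
```

The second URL shows why the server returns full hashes rather than a yes/no answer: its prefix collides with a listed entry, and only the client, which knows the full hash, can tell that the page is not the listed one.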
Perhaps the most interesting part here is the privacy server. Google essentially partnered with the CDN and edge computing specialist Fastly to use Fastly’s Oblivious HTTP privacy server. This server sits between Chrome and Safe Browsing and removes any identifying information from the browser request.
Fastly built this system as a privacy service that can sit between users and a web application and anonymize their metadata while still letting them exchange data with that application, for example. These servers, Google emphasizes, are operated independently by Fastly (a cynic might see this and say that even Google doesn’t trust itself to not snoop on your browsing data…).
Thanks to all this, Google’s Safe Browsing service should never see your IP address. Meanwhile, Fastly won’t see those URLs either, because they’re encrypted by the browser, using a public-private key that Fastly doesn’t have access to.