Does the security contact with Google Safe Browsing defeat the privacy non-tracking setting?
Hi,
As I understand it, secure browsing will tell Google Safe Browsing what page I'm on. I'm not sure exactly when it does that; from the description I encountered it could be as often as any time it encounters a bit of javascript. Since Google tell us they store whatever information is sent to them, it would seem that this setting might allow them to track the secure user.
On the other hand, the Privacy settings allow some measure of protection against tracking. So, what happens if a user wants to have both privacy and security? Will security be limited so it doesn't contact Google? Or will privacy be limited so it allows contacting Google? Or would there be a pop-up to ask you to decide yourself?
(Though this contacting is described as a separate action, in V47.0, I don't see a separate setting to (de)activate it.)
Mysha
Isisombululo esikhethiwe
more information about this is available at https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc
Funda le mpendulo ngokuhambisana nalesi sihloko 👍 1All Replies (4)
hi Mysha, this is not how safebrowsing is working, as this is designed with much more privacy-focus in mind. firefox is downloading a list with known bad domains from google's servers regularly (through a "sandboxed" connection with separate cookies, so google cannot attribute that connection to your normal search history on google). then firefox is comparing the sites you visit to this locally stored list of bad domains.
How does built-in Phishing and Malware Protection work? https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
Hi,
"When you download an application file, Firefox checks the site hosting it against a list of sites known to contain “malware”. If the site is found on that list, Firefox blocks the file immediately, otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata." (<https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_unwanted-software>)
That's an example of a description that says it asks the service, though it may not be the one I originally encountered when searchign why a typical Google block was being implemented directly by my Firefox.
Obviously the description "application file" causes most of the confusion, so I hope that you're able to (ask someone to) write that out a bit further for the uninitiated. But it also suggests that in the case of such an applicaiton file, whatever it may be, there is a direct request, rather than a look-up.
(Sorry for not quoting that the first time; that time I was unable to find it, and now I magically was sent right to it again.)
Mysha
[I've checked the "Needs more information" box, in the hope that it means "The poster needs more information" (though it's more that I "would like" it, rather than "need"). It would seem that whether or not that's correct, it would be a good thing to write it out further. M.]
Isisombululo Esikhethiwe
more information about this is available at https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc
Hi,
Ah, I didn't see a link to that page at <https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_unwanted-software>.
So, it does indeed do remote lookup, but only on binary files, and only on Windows machines, and it can specifically be switched off, if from the config page.
Thanks you for your help.
Mysha