Today, Google announced an important change to its Safe Browsing feature in Chrome so the service will work in real time by checking against a server-side list — all without sharing your browsing habits with Google.
Previously, Chrome downloaded once or twice per hour a list of known sites harboring malware, unwanted software and phishing scams. Now, Chrome will transition to a new system which will be sending the URLs you are visiting to its servers and crosscheck against a list getting updated fast there. The good news about this is that it will no longer take an hour to get an updated list because, according to Google, the average malicious site does not exist for more than 10 minutes.
The company claims the new server-side system can identify 25% more phishing attacks than the use of local lists. Local lists are also getting larger in size, further straining low-end machines and low-bandwidth connections.
Google is beginning to roll out the new system. The system is available on desktop and iOS devices now, and on Android devices this month.
Sharing URLs privately
Now, if all this sounds somewhat familiar, then that's probably because you already know the Safe Browsing Enhanced Mode. This mode also checks the URL you are trying to visit against a real-time list online, but it also depends on AI to automatically block attacks that aren't on any list, performs deeper file scans, and includes protection from malicious Chrome extensions. The Enhanced Mode was always opt-in, though-and will remain so (even as Google started nudging people into turning it on last year). The standard protection mode does not use these AI features.
Google goes to great lengths explaining how this system can work in real time without sharing your browsing data with the company. Here is how Google describes this process:
When a site is visited, Chrome first tries to cache an indication of whether the address (URL) of the site is known to be safe. See the "Staying speedy and reliable" section for more details about what's happening.
If the visited URL isn't cached, then it may not be known to be safe, so a live check is needed.
Chrome uses an obfuscation of the URL by following the guidance on URL hashing which converts the URL to 32-byte full hashes.
Chrome truncates the full hashes into 4-byte long hash prefixes.
Chrome encrypts the hash prefixes and sends them to a privacy server.
The privacy server removes any possible user identifiers and forwards the encrypted hash prefixes to the Safe Browsing server over a TLS connection that mixes requests from many other Chrome users.
The Safe Browsing server decrypts the hash prefixes and checks them against its server-side database, returning full hashes of all unsafe URLs that match one of the hash prefixes sent by Chrome.
Upon receipt of unsafe full hashes, Chrome will check them against full hashes of the URL visited.
Upon a match, Chrome will include a warning.
Maybe the most interesting here is the privacy server. Google partnered with CDN and edge computing specialist Fastly for using Fastly's Oblivious HTTP privacy server. It sits in between Chrome and Safe Browsing and strips out any identifying information from the browser request.
Fastly designed this for a privacy service that can place itself between users and a web application and anonymize metadata while still being able to exchange data with a web application, for example. For one, Google emphasizes that these servers are operated independently by Fastly-a cynic may look at this whole scheme and say that even Google doesn't trust itself to not snoop on your browsing data….
Thanks to all of this, the IP address would never reach Google's Safe Browsing service. Simultaneously, these URLs would not even reach Fastly, because they are encrypted by the browser itself, with a public-private key Fastly has no access to.