
Please for the love of god do not disable the Google SafeBrowsing preferences. SafeBrowsing protects you from a lot of malicious websites, and does not leak much information to Google. For most people the security benefits of SafeBrowsing far outweigh the privacy concerns.

It is important to remember that malicious websites and malware in general may negatively impact your security and privacy in extremely harmful ways (malware compromises PII, website credentials, financial information, uses webcam and microphone to photograph/film/record you for blackmail/revenge porn purposes, ...)

For context, please see these relevant Mozilla bugs about SafeBrowsing privacy concerns: [0], [1]. tl;dr Firefox must set a cookie for SafeBrowsing, but it uses a separate cookie jar for SafeBrowsing so Google cannot tie the Safebrowsing activity to anything else you do related to Google or their services (which is the biggest concern here). They can learn a limited profile of your browsing activity, along the lines of "Random user x often uses their browser between 9am and 5pm on M-F".

The Safebrowsing implementation is specifically designed to be privacy-preserving. [2] It uses a Bloom filter to implement fast lookups in a minimally sized hash table of known malicious URLs. The only time a full URL (actually various hashes of multiple prefixes of the full URL, including the full URL) that you browse is sent to Google is when a prefix of it collides with a known malicious URL, in which case the URL must be sent to Google to resolve the question of whether the URL you are trying to visit is actually malicious or just a false positive from the Bloom filter. Yes, the hashes are unsalted so it would be possible for Google to check if you were trying to visit some pre-determined URL ("were they trying to visit www.thoughtcrime.org?") but only if it collided with a known malicious URL.

It would be helpful to know what the average rates of collisions and false positives are to get a sense of how much of an average user's browsing history is leaked to Google through Safe Browsing - can anybody from Google comment?

[0]: https://bugzilla.mozilla.org/show_bug.cgi?id=368255

[1]: https://bugzilla.mozilla.org/show_bug.cgi?id=897516

[2]: https://code.google.com/p/google-safe-browsing/wiki/SafeBrow...
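
The lookup flow described in the comment above, as an added example that is not part of the thread and is not Google's or Mozilla's code. It assumes 4-byte SHA-256 prefixes, a plain set standing in for the Bloom filter, and a simplified URL decomposition; every host, list entry and the colliding prefix is constructed.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; assumption: 32-bit prefix of SHA-256

def full_hash(expr):
    return hashlib.sha256(expr.encode()).digest()

def prefix(expr):
    return full_hash(expr)[:PREFIX_LEN]

def expressions(url):
    """Host-suffix / path-prefix strings checked for one URL (simplified)."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    labels = host.split(".")
    # Exact host, then shorter suffixes down to the last two labels.
    hosts = [host] + [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    # Path with query, bare path, then every leading directory.
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    directory = "/"
    candidates = [directory]
    for segment in path.split("/")[1:-1]:
        directory += segment + "/"
        candidates.append(directory)
    paths += [c for c in candidates if c not in paths]
    return [h + p for h in hosts for p in paths]

def check(url, local_prefixes, server_full_hashes):
    """Return (verdict, leaked): leaked lists the prefixes a server query reveals."""
    hits = [e for e in expressions(url) if prefix(e) in local_prefixes]
    if not hits:
        return "allow", []  # no local match: nothing leaves the machine
    leaked = sorted({prefix(e).hex() for e in hits})
    listed = any(full_hash(e) in server_full_hashes for e in hits)
    return ("block" if listed else "allow"), leaked

# Constructed sample data.
BAD = ["malware.example.test/dropper/"]
SERVER = {full_hash(e) for e in BAD}       # what the list operator knows
LOCAL = {prefix(e) for e in BAD}           # what the browser stores
LOCAL.add(prefix("news.example.test/"))    # simulated collision on a benign URL

if __name__ == "__main__":
    for u in ("http://docs.example.test/",
              "http://news.example.test/story",
              "http://malware.example.test/dropper/payload.exe"):
        print(u, check(u, LOCAL, SERVER))
```

Only the second and third URLs cause a server query; the second is the false-positive case, where a benign URL still reveals one prefix.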




> Please for the love of god do not disable the Google SafeBrowsing preferences. SafeBrowsing protects you from a lot of malicious websites, and does not leak much information to Google. For most people the security benefits of SafeBrowsing far outweigh the privacy concerns.

I would never disable it for my mom, or any non-technical friends. But I would hope the majority of HN users are pretty good at spotting, and steering clear of malicious websites.


They're designed to trick you, so I don't think any population, no matter how sophisticated, should trust themselves to correctly identify malicious websites 100% of the time.

Additionally, some sites may potentially contain exploits that run as soon as you visit the site (vulnerabilities in plugins like Java or Flash, drive-by downloads, etc.) in which case it doesn't matter if you correctly identify the website as malicious and hit the "Back" button - it's already too late. Much better to avoid loading the content at all, which is exactly what is achieved with SafeBrowsing.


> But I would hope the majority of HN users are pretty good at spotting, and steering clear of malicious websites

yeah, about that:

http://arstechnica.com/security/2013/02/web-forum-for-iphone...

http://arstechnica.com/security/2015/02/pwned-in-7-seconds-h...

etc etc


Safebrowsing protects you from more than tricky websites - it blocks sites and services that are known to serve malware. It doesn't matter how clever a user you are, if your browser (doesn't matter which one) navigates to a site that hosts malicious code that targets an unpatched vulnerability, you're hosed.


sure, you might not click on an advert or the such, but XSS isn't exactly visible, along with a whole host of other problems


In the history of the malicious site blacklist I've only ever tried visiting one or two sites that were flagged. For your average non-technical person sure, keep it enabled. For someone browsing HN and editing config values it's not a problem.


"separate cookie"? Just correlate it by IP address (or whatever) + time. While I'm not a database expert, I'm sure I could make something like this work:

    -- Tie SafeBrowsing pseudo-accounts to real accounts by shared IP address
    -- within a one-hour window around each normal page hit.
    SELECT users.id             AS google_user_id,
           sb_hits.ip_addr      AS safebrowsing_update_ip_addr,
           sb_hits.request_time AS safebrowsing_update_time
      FROM all_page_hits                AS user_hits,
           all_page_hits                AS sb_hits,
           normal_google_accounts       AS users,
           safebrowsing_pseudo_accounts AS sb_users
     WHERE users.cookie = user_hits.cookie
       AND sb_users.cookie = sb_hits.cookie
       AND user_hits.ip_addr = sb_hits.ip_addr
       AND (sb_hits.request_time BETWEEN (user_hits.request_time - interval '1 hour')
                                     AND (user_hits.request_time + interval '1 hour'))

Any cookie at all betrays information (that's what it's for!), and once any sort of correlation is established, that "separate cookie" can be permanently tied to the real account(s).

The IP betrays information as well, but that's not a reason to make it even easier with a cookie.

"Random user x often uses their browser between 9am and 5pm on M-F"

That's exactly the important information that should be protected, to resist pattern-of-life analysis.

(apologies for any SQL errors; it's been a while since I did any serious db work)


I don't understand the skeptical scare quotes around "separate cookie". If you read the linked bugs, you would see that when SafeBrowsing was originally added to Firefox, it used the same cookie jar, which meant that SafeBrowsing requests included a cookie for safebrowsing.google.com (necessary for it to function) but also all cookies for *.google.com, which is clearly undesirable from a privacy perspective and has since been fixed.

If pattern-of-life analysis is a concern of yours, you should be using the Tor Browser and taking a whole host of other precautions. Fiddling with a bunch of prefs in about:config and using an ad blocker isn't going to cut it.

And again, it's not a zero-sum game. Safe Browsing provides some meaningful benefit in terms of protecting users from malicious websites, which on balance is probably worth the compromise to their privacy (which is comparatively minor and was minimized through careful and intentional engineering).

I agree that it's worthwhile to try to stop the trend towards increasing surveillance of Internet users using whatever techniques are available, but it's really at the core of the Internet's business model and some fundamental changes are necessary.


Sceptical scare quotes? I was quoting your previous post.



