Google has announced new ways to further protect privacy-conscious users. Google Safe Browsingis a Google search setting that warns users when they may be entering a potentially dangerous site.
Google says it has warned users about harmful sites across five billion devices since its launch 15 years ago, but over time it has adapted to allow unsafe sites to bypass Safe Browsing. In most cases, Safe Browsing worked by finding unsafe sites and adding them to a list. So when a user tries to visit a site, it first checks to see if the site is in that list, and if so, warns the user.
But while the list is updated every 30 to 60 minutes, most insecure websites today have a lifespan shorter than that, allowing them to evade detection long enough for people to click on them.
With the latest update, Google has introduced real-time protection to Standard Protected Mode. Previously it was only available in advanced mode.
With this new real-time protection mode, unsafe sites are added to the list as soon as they are discovered. It first checks whether the site is in the unsafe list, and if not, it performs a check at that moment.
According to Google, it does this in a privacy-preserving manner by converting the URL into a full 32-byte hash and sending the hash prefix to a privacy server, removing any information that could be used to identify the user before sending it to the vault. Browsing Server.
“Ultimately, Safe Browsing checks the hash prefix of URLs, but not IP addresses, and Privacy Servers check IP addresses, but not hash prefixes. No one has access to both your identity and your hash prefix. So your browsing activity stays private.” Researchers at Google Chrome Security and Google Safe Browsing wrote: blog post.
Once on the Safe Browsing server, the hash prefix is decrypted and matched against a server-side database, providing the full hash of the match. This allows Chrome to display warnings about those sites without compromising user privacy.