Google Safe Browsing
Google Safe Browsing is a blacklist service provided by Google that provides lists of URLs for web resources that contain malware or phishing content.[1][2] The Google Chrome, Safari, Firefox, Vivaldi, and GNOME Web browsers use the lists from the Google Safe Browsing service for checking pages against potential threats.[3][4] Google also provides a public API for the service.[5]
Google also provides information to Internet service providers, by sending e-mail alerts to autonomous system operators regarding threats hosted on their networks.[2]
According to Google, as of September 2017, over 3 billion Internet devices are protected by this service.[6]
Clients protected
- Web browsers: Google Chrome, Safari, Firefox, Vivaldi, and GNOME Web.
- Android: Google Play Protect, Verify Apps API
- Google Search
- Google AdSense: prevent advertisements to promote dangerous websites
- Gmail
Privacy
Google maintains the Safe Browsing Lookup API, which has a privacy drawback: "The URLs to be looked up are not hashed so the server knows which URLs the API users have looked up". The Safe Browsing Update API, on the other hand, compares 32-bit hash prefixes of the URL to preserve privacy.[7][8] The Chrome, Firefox and Safari browsers use the latter.[9]
Safe Browsing also stores a mandatory preferences cookie on the computer[10].
Google Safe Browsing "conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious". Logs, "including an IP address and one or more cookies" are kept for two weeks. They are "tied to the other Safe Browsing requests made from the same device."[11]
Criticism
Websites carrying ads that are infected might be blacklisted by Google Safe Browsing even when the website itself has no malware. To request removal from the blacklist requires a webmaster to create a Google Webmaster's Tool account which can take several days to be removed.[12]
See also
References
- ^ Barry Schwartz (May 23, 2008). "Google's Safe Browsing Diagnostic Tool". Search Engine Land. Retrieved 2012-09-01.
- ^ a b Lucian Constantin (Dec 2, 2011). "Google Safe Browsing Alerts Network Admins About Malware Distribution Domains". PCWorld.com. Retrieved 2012-09-01.
- ^ "Firefox Phishing and Malware Protection". Mozilla Foundation. Retrieved 2012-09-01.
- ^ "Phishing and malware detection". Google. Retrieved 2012-09-01.
- ^ "Safe Browsing API". Google. Retrieved 2012-09-01.
- ^ "Safe Browsing: Protecting more than 3 billion devices worldwide, automatically". The Google Blog. September 2017.
- ^ "Developer's Guide (v3)". Google Developers. 18 March 2015.
- ^ "Safe Browsing API - Google Developers". Google Developers. 18 March 2015.
- ^ Ed Bott. "Did Google withhold malware protection details from partners?". ZDNet.
- ^ "Cookies from Nowhere". Ashkan Soltani.
- ^ "Google Chrome Privacy Whitepaper". google.com.
- ^ "Google Safe Browsing Makes the Innocent Look Guilty". PCWorld. Retrieved 2018-07-29.
