This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Does the security contact with Google Safe Browsing defeat the privacy non-tracking setting?

  • 4 replies
  • 2 have this problem
  • 1 view
  • Last reply by Mysha

more options

Hi,

As I understand it, secure browsing will tell Google Safe Browsing what page I'm on. I'm not sure exactly when it does that; from the description I encountered it could be as often as any time it encounters a bit of javascript. Since Google tell us they store whatever information is sent to them, it would seem that this setting might allow them to track the secure user.

On the other hand, the Privacy settings allow some measure of protection against tracking. So, what happens if a user wants to have both privacy and security? Will security be limited so it doesn't contact Google? Or will privacy be limited so it allows contacting Google? Or would there be a pop-up to ask you to decide yourself?

(Though this contacting is described as a separate action, in V47.0, I don't see a separate setting to (de)activate it.)

                                                                                                                                                                                                        Mysha
Hi, As I understand it, secure browsing will tell Google Safe Browsing what page I'm on. I'm not sure exactly when it does that; from the description I encountered it could be as often as any time it encounters a bit of javascript. Since Google tell us they store whatever information is sent to them, it would seem that this setting might allow them to track the secure user. On the other hand, the Privacy settings allow some measure of protection against tracking. So, what happens if a user wants to have both privacy and security? Will security be limited so it doesn't contact Google? Or will privacy be limited so it allows contacting Google? Or would there be a pop-up to ask you to decide yourself? (Though this contacting is described as a separate action, in V47.0, I don't see a separate setting to (de)activate it.) Mysha

Chosen solution

All Replies (4)

more options

hi Mysha, this is not how safebrowsing is working, as this is designed with much more privacy-focus in mind. firefox is downloading a list with known bad domains from google's servers regularly (through a "sandboxed" connection with separate cookies, so google cannot attribute that connection to your normal search history on google). then firefox is comparing the sites you visit to this locally stored list of bad domains.

How does built-in Phishing and Malware Protection work? https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/

more options

Hi,

"When you download an application file, Firefox checks the site hosting it against a list of sites known to contain “malware”. If the site is found on that list, Firefox blocks the file immediately, otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata." (<https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_unwanted-software>)

That's an example of a description that says it asks the service, though it may not be the one I originally encountered when searchign why a typical Google block was being implemented directly by my Firefox.

Obviously the description "application file" causes most of the confusion, so I hope that you're able to (ask someone to) write that out a bit further for the uninitiated. But it also suggests that in the case of such an applicaiton file, whatever it may be, there is a direct request, rather than a look-up.

(Sorry for not quoting that the first time; that time I was unable to find it, and now I magically was sent right to it again.)

                                                         Mysha

[I've checked the "Needs more information" box, in the hope that it means "The poster needs more information" (though it's more that I "would like" it, rather than "need"). It would seem that whether or not that's correct, it would be a good thing to write it out further. M.]

more options

Chosen Solution

more options

Hi,

Ah, I didn't see a link to that page at <https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_unwanted-software>.

So, it does indeed do remote lookup, but only on binary files, and only on Windows machines, and it can specifically be switched off, if from the config page.

Thanks you for your help.

                                                          Mysha