This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

block phishing but do not use google

  • 3 replies
  • 1 has this problem
  • 6 views
  • Last reply by philipp

ohjustinternetstuff
ohjustinternetstuff
more options

> When you download an application file, Firefox checks the site hosting it against a list of sites known to contain "malware". If the site is found on that list, Firefox blocks the file immediately, **otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata.**

So a record of any application I download that is not immediately identified as malware is sent to Google?

How can I use the purely local part of this service without sending anything to an external site?

Thanks!

> When you download an application file, Firefox checks the site hosting it against a list of sites known to contain "malware". If the site is found on that list, Firefox blocks the file immediately, **otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata.** So a record of any application I download that is not immediately identified as malware is sent to Google? How can I use the purely local part of this service without sending anything to an external site? Thanks!

Chosen solution

as far as i know it's still windows only - just to be sure you could still toggle the browser.safebrowsing.downloads.remote.enabled pref to false though.

Read this answer in context 👍 0

All Replies (3)

philipp
philipp
  • Moderator
more options

ohjustinternetstuff said

So a record of any application I download that is not immediately identified as malware is sent to Google?

hi, only information from unsigned executables (or when the signature doesn't check out) will be sent to google's safebrowsing service. the implementation & also how to turn off that remote app reputation check are explained in https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc

Modified by philipp

ohjustinternetstuff
ohjustinternetstuff Question owner
more options

Thanks for the reply. In the doc you sent me:

> If a local result is not found, the user-agent may perform a remote-lookup on Windows only.

Is any remote lookup performed on Linux clients (Google or other), or just Windows?


Thanks!

philipp
philipp
  • Moderator
more options

Chosen Solution

as far as i know it's still windows only - just to be sure you could still toggle the browser.safebrowsing.downloads.remote.enabled pref to false though.