Google has made a groundbreaking update to its Safe Browsing feature in Chrome. This powerful feature will now operate in real time, checking against a constantly updated server-side list without compromising your browsing privacy.
“The advantage of this is that it doesn’t take up to an hour to get an updated list because, as Google notes, the average malicious site doesn’t exist for more than 10 minutes.”
In the past, Chrome would download a list of dangerous websites, including those that host malware, unwanted software, and phishing scams, every hour or so. But now, Chrome will use a system that sends the URLs of the sites you’re visiting to its servers for immediate checks against a rapidly updated list. This new process means that users will no longer have to wait for a list update, as Google data shows that malicious sites typically don’t last longer than 10 minutes.
The company boasts that this real-time server-side system can catch up to 25% more phishing attempts compared to using local lists. However, these local lists have grown significantly in size, causing strain on low-end machines and low-bandwidth connections.
Google is now rolling out this game-changing system to desktop and iOS users, with Android support coming later this month.
But wait, this may sound familiar to some. That’s because you may already be familiar with the Safe Browsing Enhanced Mode. While it also provides real-time checks against an online list, Enhanced Mode also uses advanced AI technology to block attacks that are not on the list, conducts deeper scans of files, and safeguards against malicious Chrome extensions. However, this mode has always been opt-in, and it will remain that way despite Google’s efforts to persuade users to enable it last year. The standard protection mode does not utilize these advanced AI features.
Now, how does this innovative system work in real time without compromising your privacy? Google goes into detail about the process:
- When a site is visited, Chrome initially checks its cache to see if the URL is known to be secure. If it isn’t, a real-time check is necessary.
- The URL is then converted into a 32-byte full hash using URL hashing guidelines, and then truncated into a 4-byte long hash prefix.
- The hash prefix is encrypted and sent to a privacy server, where any potential user identifiers are removed. Then, the encrypted hash prefix is forwarded to the Safe Browsing server through a secure TLS connection along with requests from other Chrome users.
- The Safe Browsing server decrypts the hash prefixes and matches them against the server-side database, returning full hashes of all unsafe URLs that match the prefixes sent by Chrome.
- The unsafe full hashes are then checked against the full hash of the visited URL. If a match is found, Chrome will display a warning.
The most intriguing aspect here is the use of a privacy server. For this update, Google collaborated with Fastly, a CDN and edge computing specialist that provides Oblivious HTTP privacy servers. These servers act as a buffer between Chrome and Safe Browsing and strip away any identifying information from the browser request.
Interestingly, Fastly originally created this system as a privacy service for web applications, allowing them to anonymize user metadata while still exchanging data. According to Google, these servers operate independently from the company, suggesting that even Google doesn’t trust itself to not snoop on browsing data.
Thanks to this collaboration, Google’s Safe Browsing service will never have access to your IP address. Additionally, Fastly won’t see any encrypted URLs, as they are encoded by the browser using a public-private key that’s unavailable to Fastly.
With this groundbreaking update, Google’s Safe Browsing feature is taking a huge step towards protecting user privacy while maintaining its effective protection against dangerous websites.