Google Announced a major change in Secure browsing feature in Chrome today that will make the service work in real time by comparing it to a server-side list, all without sharing your browsing habits with Google.
Previously, Chrome downloaded a list of sites known to host malware, unwanted software, and phishing scams once or twice an hour. Chrome will now move to a system that will send the URLs you’re visiting to its servers and compare them to a quickly updated list there. The advantage of this is that it doesn’t take up to an hour to get an updated list because, as Google points out, the average malicious site doesn’t exist for more than 10 minutes.
The company claims that this new server-side system can detect up to 25 percent more phishing attacks than using local lists. These local lists have also grown in size, putting greater pressure on low-end machines and low-bandwidth connections.
Google is rolling out this new system to desktop and iOS users now, with support for Android coming later this month.
Share URL privately
Now, if all of this sounds a little familiar to you, then it’s probably because you’re already familiar with Safe Browsing. Improved mode. This mode also compares the URL you’re visiting to an online list in real time, but it also uses AI to block attacks that aren’t on any list, performs deeper file scans, and includes protection against malicious Chrome extensions. However, Enhanced Mode was always optional and will remain so (even when Google started to push people to light it last year). Standard protection mode does not use these AI features.
Google goes to great lengths to explain how this system can work in real time without sharing your browsing data with the company. This is how Google describes this process:
When you visit a site, Chrome It first checks its cache to see if the site address (URL) is already known to be safe (see the “Staying fast and reliable” section for more details).
If the visited URL is not in the cache, it may not be secure, so real-time verification is necessary.
Chrome obfuscate the URL following the instructions URL Hash Guide to convert the URL into full 32-byte hashes.
Chrome truncates full hashes into 4-byte long hash prefixes.
Chrome It encrypts the hash prefixes and sends them to a privacy server.
The privacy server removes possible user identifiers and forwards the encrypted hash prefixes to the Safe Browsing server over a TLS connection that combines requests with many others. Chrome users.
The Safe Browsing server decrypts the hash prefixes and compares them to the server-side database, returning full hashes of all non-secure URLs that match one of the hash prefixes sent by Chrome.
After receiving the full insecure hashes, Chrome compares them with the full hashes of the visited URL.
If any match is found, Chrome will show a warning.
Perhaps the most interesting part here is the privacy server. Google partnered with CDN and an edge computing specialist Quickly to use Fastly Foreign HTTP Privacy Server. This server sits between Chrome and Safe Browsing and removes any identifying information from the browser request.
Fastly built this system as a privacy service that can sit between users and a web application and anonymize their metadata while still being able to exchange data with a web application, for example. These servers, Google emphasizes, are managed independently by Fastly (a cynic might look at this and say that not even Google trusts itself not to spy on your browsing data…).
Thanks to all this, Google’s Safe Browsing service should never see your IP address. Meanwhile, Fastly will also not see these URLs because they are encrypted by the browser using a public-private key that Fastly does not have access to.