Google Safe Browsing
Google Safe Browsing is a service provided by Google that provides lists of URLs for web resources that contain malware or phishing content. The Google Chrome, Apple Safari and Mozilla Firefox web browsers use the lists from the Google Safe Browsing service for checking pages against potential threats. Google also provides a public API for the service.
According to Google, as of June 2012, some 600 million Internet users were using this service, either directly or indirectly.
Google maintains something called the Safe Browsing Lookup API, which has a privacy drawback: "The URLs to be looked up are not hashed so the server knows which URLs the API users have looked up". Whereas the Safe Browsing API v2, instead has the following privacy advantage: "API users exchange data with the server using hashed URLs so the server never knows the actual URLs queried by the clients". The Firefox and Safari browsers use the latter.
Google Safe Browsing "conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious". Logs, "including an IP address and one or more cookies" are kept for two weeks. They are "tied to the other Safe Browsing requests made from the same device."
- Barry Schwartz (May 23, 2008). "Google’s Safe Browsing Diagnostic Tool". Search Engine Land. Retrieved 2012-09-01.
- "Google Safe Browsing Alerts Network Admins About Malware Distribution Domains". PCWorld.com. Lucian Constantin. Retrieved 2012-09-01. Check date values in:
- "Firefox Phishing and Malware Protection". Mozilla Foundation. Retrieved 2012-09-01.
- "Phishing and malware detection". Google. Retrieved 2012-09-01.
- "Safe Browsing API". Google. Retrieved 2012-09-01.
- Chris Richardson (June 19, 2012). "Google Discusses Its Safe Browsing Record". WebProNews. Retrieved 2012-09-01.
- "NSA uses Google cookies to pinpoint targets for hacking". The Washington Post. Retrieved 2014-06-10.