This is not, in fact, how Safe Browsing APIs work. Instead, you download a database ahead of time, with more detailed information as needed. At no point do you share the actual URL requested.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Microsoft Edge 89 Brings Vertical Tabs and New History View
- Thread starter MacRumors
- Start date
- Sort by reaction score
It can work both ways
developers.google.com
Overview | Safe Browsing APIs (v4) | Google for Developers
The Safe Browsing APIs allow client applications to check URLs against Google's constantly updated lists of unsafe web resources.
developers.google.com
Ah, one more step toward what OmniWeb’s feature set included decades ago. Someday, the modern browsers will have finally filled in all the missing pieces....
It can, but I doubt any reputable browser uses the Lookup API.It can work both ways
Overview | Safe Browsing APIs (v4) | Google for Developers
The Safe Browsing APIs allow client applications to check URLs against Google's constantly updated lists of unsafe web resources.
If it's doesn't link to you, how do they sync that exactly data to you. And second we all don't know what running inside they servers.
It is, in fact, how it is used. The list is continuously updated, and not downloaded when the API call is made. You’d be downloading a new database every few seconds, rather than sending out a URL to check for a match once.
.... the URL goes to Microsoft and they check it with THEIR API call to the many databases.
In Windows you can also do this with files and .exe’s that are stored locally - really anything that shows in File Explorer. It sends data to Microsoft, they do the check and return a result to you.
Your agent to do this is Microsoft... share with one, they call to many. Rather than you calling to many.
I’m discussing the Google Safe Browsing API, since you incorrectly stated: “It's also how Safari Safe Browsing works.”
I don’t know what MS does. If they do transmit individual URLs, that’s a poor design. Safari does not transmit individual URLs to check if they are safe. At no point does Apple or Google know whether you wanted to know if a URL is safe.
That’s a different thing though. (But yes, problematic, just like notarization.)
True, unless its verifiable and open source, you cannot be sure whether they say what they’re doing is acually what they’re doing.
However, obviously it's linked to you, but the link is diassociated from your ID and therefore you, and the data is encrypted. So they dont know it’s you, and they dont know what your browsing.
In case you’ve all forgotten what you’re aurguing about; The privacy label in the Edge AppStore entry said that the browsing history is data that may be collected and linked to your identity. That means Microsoft have access to what you’re looking at on the internet.
Neither Firefox nor Safari operate like this. Your data is not available to either Apple or Mozilla for perusal or scrutiny. That doesnt appear to be the case with Microsoft Edge.
Last edited:
They ALL operate like that. Sorry about your luck. I fully explained what's going on with that data, and how it's being used.
Ok... but that's exactly how it's used. With the Google Safe Browsing API, you're sending the URL and other data in to be validated if it has certain marks of suspicious webpages and is not present in the database.
...and it isn't Hashed like other databases, so Google knows exactly what you're looking at.
"Chrome will send an incident report to Google every time you receive a warning, visit a suspicious page, and on a very small fraction of sites where Chrome thinks there could be threats, to help Safe Browsing learn about the new threats you may be encountering. Additionally, some downloaded files that are suspicious and show a warning may be sent to Google for investigation each time they are encountered. All reports are sent to Google over an encrypted channel and can include URLs, headers, and snippets of content from the page and they never include data from browsing you do in Incognito mode. If Chrome discovers unwanted or malicious software on your machine, the reports may also include details about malicious files and registry entries. This data is used only to improve Safe Browsing and to improve security on the Internet."
I have a problem with the Instagram and Whatsapp system.Ok... but that's exactly how it's used. With the Google Safe Browsing API, you're sending the URL and other data in to be validated if it has certain marks of suspicious webpages and is not present in the database.
...and it isn't Hashed like other databases, so Google knows exactly what you're looking at.
"Chrome will send an incident report to Google every time you receive a warning, visit a suspicious page, and on a very small fraction of sites where Chrome thinks there could be threats, to help Safe Browsing learn about the new threats you may be encountering. Additionally, some downloaded files that are suspicious and show a warning may be sent to Google for investigation each time they are encountered. All reports are sent to Google over an encrypted channel and can include URLs, headers, and snippets of content from the page and they never include data from browsing you do in Incognito mode. If Chrome discovers unwanted or malicious software on your machine, the reports may also include details about malicious files and registry entries. This data is used only to improve Safe Browsing and to improve security on the Internet."
On Instagram publishing stories it generates a fuse of wilted time.instead of whatsapp does not open voice memos, it is a problem of software no whatsapp is because I distillated it several times.
It’s ok to have an opinion. But don’t spread fud like it’s a fact. Also it’s quite irrelevant and/or detrimental to your argument by quoting Google chrome privacy practices regarding this thread, being as though we’re talking about Edge Firefox and Safari.Ok... but that's exactly how it's used. With the Google Safe Browsing API, you're sending the URL and other data in to be validated if it has certain marks of suspicious webpages and is not present in the database.
...and it isn't Hashed like other databases, so Google knows exactly what you're looking at.
"Chrome will send an incident report to Google every time you receive a warning, visit a suspicious page, and on a very small fraction of sites where Chrome thinks there could be threats, to help Safe Browsing learn about the new threats you may be encountering. Additionally, some downloaded files that are suspicious and show a warning may be sent to Google for investigation each time they are encountered. All reports are sent to Google over an encrypted channel and can include URLs, headers, and snippets of content from the page and they never include data from browsing you do in Incognito mode. If Chrome discovers unwanted or malicious software on your machine, the reports may also include details about malicious files and registry entries. This data is used only to improve Safe Browsing and to improve security on the Internet."
Private by Design: How we built Firefox Sync – Mozilla Hacks - the Web developer blog
Firefox Sync by default protects all your synced data so Mozilla can’t read it. We built Sync this way because we put user privacy first. How it works is...
hacks.mozilla.org
About privacy information on the App Store and the choices you have to control your data – Apple Support (UK)
The App Store includes detailed privacy information that helps you understand each app's data collection practices.
Study ranks the privacy of major browsers. Here are the findings
Upstart Brave browser gets the highest ratings. Chrome, Firefox and Safari fall between.
arstechnica.com
URLs and Hashing | Safe Browsing APIs (v4) | Google for Developers
developers.google.com
Privacy - Labels
Privacy labels inform you of app privacy practices so you can make better choices. See how apps from Apple handle your data.
support.apple.com
Last edited:
Yes, it’s literally hashed. Not only that, a hash isn’t transmitted, but rather the prefix of a hash.
Sigh... the database list is hashed, and if there's a match against the hash, the full URL is sent to Google... unmasked.
It's literally in the Overview of the Google Developer API page for it.
It’s ok to have an opinion. But don’t spread fud like it’s a fact. Also it’s quite irrelevant and/or detrimental to your argument by quoting Google chrome privacy practices regarding this thread, being as though we’re talking about Edge Firefox and Safari.
Private by Design: How we built Firefox Sync – Mozilla Hacks - the Web developer blog
Firefox Sync by default protects all your synced data so Mozilla can’t read it. We built Sync this way because we put user privacy first. How it works is...hacks.mozilla.orgAbout privacy information on the App Store and the choices you have to control your data – Apple Support (UK)
The App Store includes detailed privacy information that helps you understand each app's data collection practices.support.apple.com
Study ranks the privacy of major browsers. Here are the findings
Upstart Brave browser gets the highest ratings. Chrome, Firefox and Safari fall between.URLs and Hashing | Safe Browsing APIs (v4) | Google for Developers
Privacy - Labels
Privacy labels inform you of app privacy practices so you can make better choices. See how apps from Apple handle your data.support.apple.com
We seem to be contradicting ourselves now. Are we talking about the API? Or are we not? You said what you, yourself, were discussing. I replied to that. In any event...
Overview | Safe Browsing APIs (v4) | Google for Developers
The Safe Browsing APIs allow client applications to check URLs against Google's constantly updated lists of unsafe web resources.
developers.google.com
Lookup API (V4)
Privacy: URLs are not hashed, so the server knows which URLs you look up.
The main database contains hash prefixes. If you match a prefix, and you don’t have recent data for that prefix, you fetch all data matching that prefix from Google.
It isn’t. If it were, none of the hashing would make any sense.
I pointed out to you how Microsoft edge, in contradiction to other browsers such as safari Firefox and brave, can see your browsing history and it remains linked to you. Then you made this ludicrous and completely irrelevant comment:
...and now you’re claiming safari and Firefox send URL’s to Google in plain text, and quoting chrome browsers privacy policy as ‘proof’. *shrug*
Grrr tried to add both @cupcakes2000 screenshot of tracking along with your quote above.
I'm hoping Apple in iOS/iPadOS implements further data reporting of apps.
Stating that browsing history alone is not enough, as highlighted by @arhytcipt ... it's confusing at best, misleading at worse. We need specifically WHAT an app is actually doing.
Hey guys you guys!
I thought we were talking about vertical tabs!
