kristovatlas/osx-config-check

Should Google "Safe Browsing" be Enabled?

Open

#60 opened on Jun 24, 2016

View on GitHub
 (0 comments) (0 reactions) (0 assignees)Python (1,248 stars) (130 forks)batch import
discussionhelp wantedresearch

Description

Discussion: Currently I'm setting this configuration to be turned on by default in all Google Chrome profiles with a "recommended" level of confidence. I'd like other opinions here on whether it's more good or bad, however.

https://en.wikipedia.org/wiki/Google_Safe_Browsing

Google maintains the Safe Browsing Lookup API, which has a privacy drawback: "The URLs to be looked up are not hashed so the server knows which URLs the API users have looked up". The Safe Browsing API v3, on the other hand, compares 32-bit hash prefixes of the URL to preserve privacy.[7][8] The Firefox and Safari browsers use the latter.[9]

Safe Browsing also stores a mandatory preferences cookie on the computer[10] which the US National Security Agency allegedly uses to identify individual computers for purposes of exploitation.[11]

Google Safe Browsing "conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious". Logs, "including an IP address and one or more cookies" are kept for two weeks. They are "tied to the other Safe Browsing requests made from the same device."[12]

Contributor guide

Tech stack
None
Domain
security
Issue type
research
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
under 1 hour
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
unclear
Prerequisites
basic understanding of browser security
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
20
Research direction
This issue is a discussion about whether to enable Google Safe Browsing by default in Chrome profiles. The maintainer is seeking opinions on the trade offs between security and privacy. A newcomer should research the implications by reading the Wikipedia article provided and other sources, then comment with a recommendation. No code changes are required; the resolution is a decision.