Google has announced a new way to further protect its privacy-minded users who browse using Google Safe Browsingwhich is a Google search setting that warns users when they may be entering a potentially dangerous site.
Although it has warned users about harmful websites on 5 billion devices since its launch 15 years ago, Google says that unsafe websites have adapted over time to bypass Safe Browsing. For most of its existence, Safe Browsing worked by detecting unsafe places and adding them to a list, so that when a user tries to visit a place, it first checks to see if the place is on that list and warns the user if it is.
However, the list is only updated every 30 to 60 minutes, while most insecure websites today have a shorter lifespan than that, allowing them to evade detection long enough to get people to click on them.
With the latest update, Google introduces real-time protection to the standard protection mode. It was previously only available in enhanced mode.
With this new real-time protection method, unsafe sites are added to the list as soon as they are detected. It will first check if the page is on the unsafe list, and if it is not, it will check at that moment.
According to Google, it does this in a privacy-preserving manner by converting URLs to 32-byte full hashes and sending the hash prefix to a privacy server to remove information that could be used to identify the user before sending it to the Safe Browsing Server.
“Ultimately, Safe Browsing sees the hash prefixes of your URL but not your IP address, and the privacy server sees your IP address but not the hash prefixes. No party has access to your identity and hash prefixes. As such, your browsing activity remains private,” wrote researchers from Google Chrome Security and Google Safe Browsing in blog post.
Once on the Safe Browsing server, the hash prefixes are decrypted and compared against a server-side database, which provides the full hashes of all matches. This allows Chrome to display an alert for that location without compromising user privacy.