Google Safebrowsing can no longer be disabled on mobile Firefox

I am reposting this because I was shadowbanned from Reddit with no reason given by their Anti-Evil Operations Team for several days which means nobody saw this even after it was restored:

No way to disable Phishing and Malware Protection for users who are suspicious of Google and leaking browsing history to Google.

Relevant content on the failure of anonymization:

How safebrowsing fails to protect privacy

A Privacy Analysis of Google and Yandex Safe Browsing

Our experimental analysis estimates the rate of such collisions and shows that hashing and truncation fails to prevent re-identification when a user visits small-sized domains or certain URLs of larger domains. We further materialize this in the form of an algorithm that Google and Yandex could potentially employ to track users. We conclude this work by providing an analysis of the databases of Google and Yandex (Section 7). By crawling their databases, we detect a number of “suspicious” prefixes that we call orphans. Orphans trigger communication with the servers, but no full digest corresponds to them. We also observe several URLs which have multiples prefixes included in the blacklists. These provide concrete examples of URLs and domains that can be easily tracked by Google and Yandex.

Does it have the potential of sending full URL-s to Google? Yes, it does. From the page given by you:
“Otherwise, send the binary file’s metadata to the remote application reputation server (browser.safebrowsing.downloads.remote.url) and block the download if the server indicates that the file isn’t safe.”
with the link on “metadata” leading to parts of code where there is setting in request properties of origin URL. If I read code correctly - - it is stripped from query params, but full hostname + path ARE included in this case.


#ff #firefox #Google

I guess the point here is that there is no option from the user interface to disable it and you can’t access about:config in the stable Firefox.
Anyway you can access to about:config in Fennec and there are browser.safebrowsing.XXX entries you can change, do they work?

Edit: I don’t see any Google requests in about:networking, maybe @relan has disabled safebrowsing by default?

I don’t see any Google requests in about:networking, maybe @relan has disabled safebrowsing by default?

Nope. Should work in the same way as in Firefox.