What is being send to received from safebrowsing-google-com when I open Firefox

Prévia do material em texto

Este é o cache do Google de http://serverquestions.com/questions/gtez/what-is-being-send-to-received-from-safebrowsing-google-com-when-i-open-firefo. Ele é um instantâneo da página com a aparência que ela tinha em 10 jul. 2015 15:42:55 GMT. 
A página atual pode ter sido alterada nesse meio tempo. Saiba mais
Versão completaVersão somente textoVer código-fonteDica: para localizar rapidamente o termo de pesquisa nesta página, pressione Ctrl+F ou ⌘-F (Mac) e use a barra de localização.
· Home 
· Tags 
Welcome to ServerQuestions.com, Here you can ask questions and receive answers from other members of the community.It's 100% free for all.
Related questions 
· What is the domain “safebrowsing-cache.google.com” used for?
· Speed up FireFox when using TOR
· How to disable Google Chrome from sending data to safebrowsing-cache.google.com and safebrowsing.clients.google.com?
· What information about my computer can a browser send to a web server?
· Firefox stops loading pages after I have several open
· In Firefox, how can I open new tabs when the spinner is green?
· Send Link from any website via Firefox does not work anymore
· How can I ensure Firefox history is completely deleted after exiting?
· Why the other URL is opening instead of the expected URL after clicking on a link received from google search in Firefox?
· Firefox unable to load google.com after leaving computer with firefox open for several hours
· How do I allow commenting in Youtube (through Google+) if I have third-party cookies disabled?
What is being send to/received from "safebrowsing.google.com" when I open Firefox?
When I first open Firefox, I always get this notification from my firewall within about 30 seconds-ish. It does not matter if I'm yet browsing the web, I could just have a blank page up, or I could be using a local network website; I always get a message saying that Firefox is attempting to connect to safebrowsing.google.com.
As you can see in the firewall prompt picture, this connection is started by my computer, more specifically Firefox. 
As you can see in the picture of my firewall's packet log, there are repeated inbound/outbound connections to that address with the browser just sitting open, and not doing anything.
System Details:
· Firefox 32.0.0.5350
· Windows 8
Firefox Details:
· Options/Advanced/Update/Firefox updates: Never check for updates
· Options/Advanced/Update/Automatically update: Search Engines is unchecked.
· Options/Advanced/Data Choices/Telemetry: Telemetry is unchecked.
· Options/Advanced/Data Choices/Firefox Health Report: Enable Firefox Health Report is unchecked.
· Options/Advanced/Data Choices/Crash Reporter: Enable Crash Reporter is unchecked.
· Options/General/Startup: When Firefox Starts is set to Show my home page.
· Options/General/Startup: Home Page is set to about:newtab.
· Manage Search Engine List: Google is set at the top of my list, and Show search suggestions is enabled.
If I manually attempt to visit safebrowsing.google.com in Firefox it just redirects to Google.ca. According to Wikipedia:
The Google Chrome, Apple Safari and Mozilla Firefox web browsers use the lists from the Google Safe Browsing service for checking pages against potential threats.
However, I don't see what Firefox could possibly be looking up when I'm not even browsing the web. 
As mentioned in this answer, shouldn't it only be looking things up if I perform a search, or type a URL in the address bar? 
I would like to know why this connection is occuring, and what is being sent/recieved over it? This will help me decide whether to leave it alone, create a custom firewall rule blocking it, or ditch Firefox for a more respectful browser; I have low tolerance for non-user-initiated internet/network use by any application, even if it is intended to be helpful.
· firefox
· browser
· privacy
1 Answers
You are getting an up to date list of blacklisted URLs that are known to contain phishing and malware. The update happens shortly after startup and once again every 30-45 minutes.
Mozilla claims the following: 
"No information about you or the sites you visit is communicated during list updates... in the event that you encounter a reported phishing or malware site [b]efore blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update."
The accepted answer here is unfortunately completely wrong, as this feature can absolutely be disabled easily.
Despite what it says, none of the messing with the hosts file is necessary, you can just change the "Block reported attack sites" and "Block reported web forgeries" settings in Firefox's Security Preferences and this will stop both the updates and checking the lists from happening. 
If you manually fiddle in the about:config settings, you must also flip this preference: "browser.safebrowsing.downloads.enabled" which disables updating of blacklisted downloads as well.
Mozilla claims that no information about search queries is ever sent, only the double-check of an encountered reported phishing or malware site, as mentioned above.
· I appreciate the good intention of editing my post to say "Mozilla claims", but I am the actual person that wrote the code. And yes, you can and should complain and file bugs if it doesn't work as stated.
· So... Firefox doesn't send my IP to Google, right? I read this mailman.stanford.edu/pipermail/liberationtech/2015-April/… and I was looking for an answer when I stumbled upon yours.
· If disable the feature then no connection is made, as pointed out above and in the link you posted. Making a connection to any server (in this case to get an updated malware database) always sends your IP, because the server needs to know where to send the response. That's how TCP/IP and the internet works! The link you quoted isn't...wrong...but written in a quite deceptive manner to make it sound like sending the IP is something exceptional that's intentionally done for malicious reasons.
· thank you for your nice reply :-)
· @sundar The feature page is here, there are links to further documentation. wiki.mozilla.org/Security/Features/Application_Reputation
Browsers that use Google's Safe Browsing will periodically download the most recent list of dangerous sites. When you visit a site the local copy of the list will be checked to make sure it's not flagged. Information about your system such as your IP, cookies that uniquely identify your computer, and you search query may sometimes be uploaded to Google (REF: http://www.google.com/intl/en_us/privacy/browsing.html ) (REF: https://www.google.com/intl/en/chrome/browser/privacy/ ) (REF: http://www.google.com/intl/en/policies/privacy/key-terms/#toc-terms-server-logs ).
So it appears that this is what my computer is sending/receiving. The reason it occurs all the time is because I have disk protection installed that erases changes upon reboot so my list is likely way out of data the first time I open Mozilla Firefox.
Unfortunately the Google Safe Browsing feature of Mozilla Firefox cannot be turned off. You can alter your settings to not use the Google Safe Browsing list. Go to Options/Security and uncheck Block reported attack sites and Block reported web forgeries (REF: https://support.mozilla.org/en-US/questions/922449 ) . However this doesn't prevent Mozilla Firefox from sending/recieving data from safebrowsing.google.com, it only tells your browser not to use the list information to protect you.
Work Arounds:
1. Create an entry in you hosts file to redirect safebrowsing.google.com to your localhost ip address. This will protect you from any program you run that uses Google Safe Browsing, because the connection attempt will be to your own computer instead of Google's server.
· Open C:\Windows\System32\Drivers\etc\hosts in Notepad with administrative privilidges.
· At the bottom write:
127.0.0.1 safebrowsing.google.com
· Save, and exit Notepad.
2. Create a firewall rule that blocks Mozilla Firefox from connecting to host name safebrowsing.google.com,the IP address 173.194.33.102, or the MAC address 00-22-75-4a-af-1d. The host name would be the ideal choice to avoid accidental blocking of other Google services that could be hosted from the same IP. Also the IP or MAC addresses could change, but the host name won't since the connection is initiated on your end to a specific host name.
3. Use a different web browser. Pale Moon ( http://www.palemoon.org/ ) is Firefox based, but doesn't seem to have the Google's Safe Browsing feature, at least I don't see the options present, nor does my firewall log any attempts to connect to safebrowsing.google.com by Pale Moon. It's available in 32bit and 64bit for Windows. There is third party project, Pale Moon For Linux ( http://sourceforge.net/projects/pm4linux/ ), that ports Pale Moon to Linux.
· Of your first 3 "REF"erences: 1 is only a redirect to 2, and they're about Google Chrome (Not Firefox). And the 3rd only talks about what every website tries to do - log IP's and read it's own cookies. None of your references say if Firefox treats updating the "safe browsing list" like a regular website visit (using cookies) or if it's a stand-alone one-shot download. And your Pale Moon "screenshot" clearly show the Firefox checkboxes to turn OFF "safe browsing"
 | Snow Theme by Q2A Market 
Powered by Question2Answer