A Privacy Analysis of Google and Yandex Safe Browsing

  title={A Privacy Analysis of Google and Yandex Safe Browsing},
  author={Thomas Gerbet and Amrit Kumar and C{\'e}dric Lauradoux},
  journal={2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
Google and Yandex Safe Browsing are popular services included in many web browsers to prevent users from visiting phishing or malware websites. [] Key Result Our analysis and experimental results show that Google and Yandex Safe Browsing canpotentially be used as a tool to track specific classes of individuals. Additionally, our investigations on the data currently included in Google and Yandex Safe Browsing provides a concrete set of URLs/domains that can be re-identified without much effort.
PPSB: An Open and Flexible Platform for Privacy-Preserving Safe Browsing
A Privacy-Preserving Safe Browsing (PPSB) platform that bridges the browser that uses the service and the third-party blacklist providers who provide unsafe URLs, with the guaranteed privacy of users and blacklist providers is presented.
Web Browser Privacy: What Do Browsers Say When They Phone Home?
The aim is to assess the privacy risks associated with this data exchange between a browser and its back-end servers, and finds that both the desktop and mobile versions of Brave do not use any identifiers allowing tracking of IP address over time, and do not share details of web pages visited with backend servers.
Security and privacy for outsourced computations.
This dissertation highlights the misunderstandings related to the use of hashingand hash-based data structures in a security and privacy context and shows that Safe Browsing can potentially be used as a tool to track specific classes of individuals.
The Pitfalls of Hashing for Privacy
This paper is a tutorial to explain the limits of cryptographic hash functions as an anonymization technique and provides three case studies to illustrate how hashing only yields a weakly anonymized data.
Private Blocklist Lookups with Checklist
Checklist is the first blocklist-lookup system that leaks no information about the client's string to the server, does not require the client to store the blocklist in its entirety, and allows the server to respond to the client’s query in time sublinear in the block list size.
MyTrackingChoices: Pacifying the Ad-Block War by Enforcing User Privacy Preferences
The proposed approach consists in providing users with an option to specify the categories of web pages that are privacy-sensitive to them and block trackers present on such web pages only, and shows that the economic impact of ad blocking exerted by privacy- sensitive users can be significantly reduced.
Fine-Grained Control over Tracking to Support the Ad-Based Web Economy
This article investigates an Internet technology that targets users who are not, in general, against advertising, accept the trade-off that comes with the “free” content, but—for privacy concerns—they wish to exert fine-grained control over tracking.
SoK: SCT Auditing in Certificate Transparency
The techniques that have been proposed for privacy-preserving auditing of certificate inclusion are explored, focusing on their effectiveness, efficiency, and suitability in a near-term deployment and the parallels with related problems involving browser clients.
Analysis of malware download sites by focusing on time series variation of malware
AnNotify: A Private Notification Service
A number of extensions are presented, such as generic presence and broadcast notifications, and applications, including notifications for incoming messages in anonymous communications, updates to private cached web and Domain Name Service (DNS) queries.


Quantifying Web-Search Privacy
This paper formalizes adversary's background knowledge and attacks, the users' privacy objectives, and the algorithms to evaluate effectiveness of query obfuscation mechanisms, and designs a generic tool that can be used for evaluating generic obfuscation mechanism, and users with different web search behavior.
"I know what you did last summer": query logs and user privacy
It is concluded that known schemes to release even heavily scrubbed query logs that contain session information have significant privacy risks.
Improving the Robustness of Private Information Retrieval
  • I. Goldberg
  • Computer Science, Mathematics
    2007 IEEE Symposium on Security and Privacy (SP '07)
  • 2007
This paper presents a Byzantine-robust PIR protocol which provides information-theoretic privacy protection against coalitions of up to all but one of the responding servers, improving the previous result by a factor of 3.
k-Anonymity: A Model for Protecting Privacy
  • L. Sweeney
  • Computer Science
    Int. J. Uncertain. Fuzziness Knowl. Based Syst.
  • 2002
The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment and examines re-identification attacks that can be realized on releases that adhere to k- anonymity unless accompanying policies are respected.
Revisiting the Computational Practicality of Private Information Retrieval
A performance analysis of a single-server lattice-based PIR scheme by Aguilar-Melchor and Gaborit, as well as two multi-server information-theoretic PIR schemes by Chor et al. and by Goldberg find the end-to-end response times of these schemes to be one to three orders of magnitude smaller than the trivial scheme for realistic computation power and network bandwidth.
Uniform Resource Identifier (URI): Generic Syntax
The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier.
Space/time trade-offs in hash coding with allowable errors
Analysis of the paradigm problem demonstrates that allowing a small number of test messages to be falsely identified as members of the given set will permit a much smaller hash area to be used without increasing reject time.
Uniform Resource Identifiers (URI): Generic Syntax
This document defines the generic syntax of URI, including both absolute and relative forms, and guidelines for their use, and revises and replaces the generic definitions in RFC 1738 and RFC 1808.
Routing in random ad-hoc networks: provably better than worst-case
It is proved that each of the three proposed methods for wireless network routing are almost always efficient under relevant, models and metrics models for wireless networks.
Microsoft Corporation
In anticipation of the institution of these proceedings, Respondent has submitted an Offer of Settlement (the “Offer”) which the Commission has determined to accept. Solely for the purpose of these