Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Safe Browsing setting is potentially misleading

See original GitHub issue

The Safe Browsing setting in chrome://settings/privacy says that some unsafe pages might be sent to Brave:

Screenshot from 2019-07-03 23-17-36

I’m not 100% sure what part of Safe Browsing it’s referring to, but I doubt it’s sending Brave URLs. It’s most likely sending these to nobody (because we turned it off) or it’s sending these to Google under some limited circumstances.

cc @jumde

Issue Analytics

State:
Created 4 years ago
Comments:8 (6 by maintainers)

Top GitHub Comments

1reaction

fmariercommented, Jul 4, 2019

Yes, we do proxy Safe Browsing requests. In the case of browsing protection (e.g. the phishing warning pages), that includes both updates and requests for full hashes, but those are not actual URLs.

On the other hand, for download protection (i.e. how downloads are checked for maliciousness with Google Safe Browsing) we do currently send URLs to Google (to be disabled in #4341).

There are other parts of Safe Browsing which use URLs and which I need to investigate (and disable if they’re active): client-side phishing detection), extended_reporting and password_protection.

While we proxy all of the requests, we’re not looking at them, only Google is. So it seems misleading to state that some URLs might get sent to Brave, when they are really sent to Google via Brave.

0reactions

fmariercommented, Oct 6, 2021

Thanks @rebron . Given the new text, this issue is no longer relevant.