A Privacy Analysis of Google and Yandex Safe Browsing

Google and Yandex Safe Browsing are popular services included in many web browsers to prevent users from visiting phishing or malware websites. If these services protect their users from losing private information, they also require that their servers receive browsing information on the very same users. In this paper, we analyze Google and Yandex Safe Browsing services from a privacy perspective. We quantify the privacy provided by these services by analyzing the possibility of re-identifying URLs visited by a client. We thereby challenge Google's privacy policy which claims thatGoogle cannot recover URLs visited by its users. Our analysis and experimental results show that Google and Yandex Safe Browsing canpotentially be used as a tool to track specific classes of individuals. Additionally, our investigations on the data currently included in Google and Yandex Safe Browsing provides a concrete set of URLs/domains that can be re-identified without much effort.

[1]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[2]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[3]  Roy T. Fielding,et al.  Uniform Resource Identifiers (URI): Generic Syntax , 1998, RFC.

[4]  V. Rich Personal communication , 1989, Nature.

[5]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[6]  Lada A. Adamic,et al.  Internet: Growth dynamics of the World-Wide Web , 1999, Nature.

[7]  Quynh H. Dang,et al.  Secure Hash Standard | NIST , 2015 .

[8]  Ravi Kumar,et al.  "I know what you did last summer": query logs and user privacy , 2007, CIKM '07.

[9]  Ian Goldberg,et al.  Revisiting the Computational Practicality of Private Information Retrieval , 2011, Financial Cryptography.

[10]  Roy T. Fielding,et al.  Uniform Resource Identifier (URI): Generic Syntax , 2005, RFC.

[11]  Anja Feldmann,et al.  Delta encoding in HTTP , 2002, RFC.

[12]  Radu Sion,et al.  On the Practicality of Private Information Retrieval , 2007, NDSS.

[13]  Bohn Stafleu van Loghum,et al.  Online … , 2002, LOG IN.

[14]  Srdjan Capkun,et al.  Quantifying Web-Search Privacy , 2014, CCS.

[15]  Adam Meyerson,et al.  Routing in random ad-hoc networks: provably better than worst-case , 2008 .

[16]  Tim Berners-Lee,et al.  Uniform Resource Locators (URL) , 1994, RFC.

[17]  Ian Goldberg,et al.  Improving the Robustness of Private Information Retrieval , 2007 .

[18]  Martin Raab,et al.  "Balls into Bins" - A Simple and Tight Analysis , 1998, RANDOM.