We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

block phishing but do not use google

  • 3 antwoorden
  • 1 heeft dit probleem
  • 6 weergaven
  • Laatste antwoord van philipp

more options

> When you download an application file, Firefox checks the site hosting it against a list of sites known to contain "malware". If the site is found on that list, Firefox blocks the file immediately, **otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata.**

So a record of any application I download that is not immediately identified as malware is sent to Google?

How can I use the purely local part of this service without sending anything to an external site?

Thanks!

> When you download an application file, Firefox checks the site hosting it against a list of sites known to contain "malware". If the site is found on that list, Firefox blocks the file immediately, **otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata.** So a record of any application I download that is not immediately identified as malware is sent to Google? How can I use the purely local part of this service without sending anything to an external site? Thanks!

Gekozen oplossing

as far as i know it's still windows only - just to be sure you could still toggle the browser.safebrowsing.downloads.remote.enabled pref to false though.

Dit antwoord in context lezen 👍 0

Alle antwoorden (3)

more options

ohjustinternetstuff said

So a record of any application I download that is not immediately identified as malware is sent to Google?

hi, only information from unsigned executables (or when the signature doesn't check out) will be sent to google's safebrowsing service. the implementation & also how to turn off that remote app reputation check are explained in https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc

Bewerkt door philipp op

more options

Thanks for the reply. In the doc you sent me:

> If a local result is not found, the user-agent may perform a remote-lookup on Windows only.

Is any remote lookup performed on Linux clients (Google or other), or just Windows?


Thanks!

more options

Gekozen oplossing

as far as i know it's still windows only - just to be sure you could still toggle the browser.safebrowsing.downloads.remote.enabled pref to false though.