[st3fan]

Can you please explain this in more detail? Ideally with an example request that you see?

(I highly doubt that there is any truth to this claim)

[helb]

I think they were referring to https://wiki.mozilla.org/Security/Safe_Browsing … which uses safebrowsing.google.com, but doesn't send any "DOM hashes" to them.

[themihai]

How do you explain this? https://news.ycombinator.com/item?id=5971403

[dbdr]

helb was saying Firefox does not send "DOM hashes", the story you link to is about Chrome.

[themihai]

Both Chrome and Firefox use the same techniques as far as the client side detection is concerned if not even the same code. Both send the data to Google.

[themihai]

I think you can check the source https://cs.chromium.org/chromium/src/chrome/browser/safe_bro... Long story short it sends the DOM "model" including links, input names etc. There was a story on HN about this https://news.ycombinator.com/item?id=5971403

[st3fan]

You should read the Privacy section at https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-...

> One of the most persistent misunderstandings about Safe Browsing is the idea that the browser needs to send all visited URLs to Google in order to verify whether or not they are safe.

> While this was an option in version 1 of the Safe Browsing protocol (as disclosed in their privacy policy at the time), support for this "enhanced mode" was removed in Firefox 3 and the version 1 server was decommissioned in late 2011 in favor of version 2 of the Safe Browsing API which doesn't offer this type of real-time lookup.

Firefox 3 - That was 9 years ago.

[themihai]

I believe that doesn't take into account the client side detection. It was added later.