[notafrog]

I'm guessing a single hash could be problematic for detections based on the domain for example. But this could be circumvented by sending hashed parts of the URL.

For example they could hash the domain, path and query separately.

[roca]

Sending a hash of the URL or individual parts of the URL is problematic because the server can easily execute a dictionary attack to identify those parts in most cases.

The "Google Safe Browsing Update API" (used by Firefox, Chrome, Safari and others) solved this a long time ago. In that protocol, the browser hashes the URL, sends a short prefix of the hash to the server, and receives a list of hashes for the URLs that should be blocked. A huge number of valid URLs all hash to each prefix and the server does not know which one the user has visited. Also, the client caches the list of hash prefixes for which the block list is non-empty, to avoid unnecessary fetches of empty lists, which further improves privacy and reduces response time.

Also, the client doesn't send any kind of user ID token to the server.