[tialaramex]

> so they can just hash them all and see what matches

Matches _what_ ? Firefox doesn't send hashes to Google Safe Browsing. This would not only be a privacy problem it would also make the browser much too slow. Instead Firefox periodically downloads a summary of what might be unsafe, and then it compares hashes to that summary. If there's a match in the summary (rare but it happens) it fetches more detailed parts of the total Safe Browsing map to make a decision.

As a rule of thumb I'd say when a person complains about Safe Browsing without any clue how it actually works I'm confident they're exactly the type of "power user" who most needs Safe Browsing to keep them out of trouble because they're falsely confident in their own abilities.

[throwaway2048]

It does however request hash prefixes, then google sends to the client all bad URLs that match, that is what can be brute forced with relative ease, if you already have a stream of previous they are visiting (via google analytics, google captcha, and other matched hashes). Especially if you know most every URL on the internet already. (hash them, then look it up in a table).

Anonymization is a very tricky subject, and there is a lot of techniques that get trumpeted but are absolutely not effective assuming a bad faith actor.

[tialaramex]

> It does however request hash prefixes, then google sends to the client all bad URLs that match

IF the prefix is a match, which is relatively unusual then the browser requests the full list for that prefix. But also, no, Google just sends back a list of full hashes and not URLs.

> that is what can be brute forced with relative ease

OK. 1f6866 is a hash prefix, quick "brute force" it with this supposed relative ease, what am I looking at?

How about 0aebaf? Ah, trick question, that's just noise stirred in automatically by Firefox (yes their implementation silently does this, typically the noise drowns out signal by a ratio of 4:1 but it's configurable).

Or wait, maybe the first one was noise and this isn't. Google neither knows nor cares.

Still, you'll just use "relative ease" to brute force every 24-bit number and then er, more brute force to figure out which ones are bogus. You can do the same with my phone number. One of the digits is a "five" - quick, brute force the whole number and tell me what it is to show how great "brute force" is at hand-waving impossible problems!

> if you already have a stream of previous they are visiting

I know this trick. Hey, pick a number, then add two to that number, then take away the number you first thought of. The number you're now thinking of is two - tada!

Yes, if I know where you are then I can "magically" tell where you are using seemingly unrelated information, by simply discarding it and already knowing where you are.

But this "technique" works perfectly well without Safe Browsing and so it has no bearing on whether Safe Browsing is in fact safe.

> Anonymization is a very tricky subject

Brain surgery is also a tricky subject. But Google's Safe Browsing project doesn't do Brain surgery either.