Privacy & Browsers

Safe Browsing: What the Malware Blocklist in Your Browser Sends to Google

July 18, 2026 7 min read Haven Team

Chrome, Firefox, and Safari all check the pages you visit against Google's Safe Browsing service. That one system sits in the path of most of the world's web browsing, which raises an obvious question: does the company that runs the biggest advertising business on earth get a feed of every URL you open? The answer is a genuinely interesting piece of privacy engineering, with edges worth knowing about.


Safe Browsing launched in 2005 as a blocklist of phishing sites and grew into the web's default immune system. When your browser throws a full-screen red warning about a deceptive site, that is Safe Browsing firing. Firefox has used it for phishing and malware protection for years. Safari checks it under the name Fraudulent Website Warning. Android checks apps against it. If you browse the web, you are almost certainly a user of it, whether or not you ever chose to be.

The naive design would be terrible: send every URL to Google, get back a verdict. Aside from the trust problem, the latency would be unusable. The actual design is more careful, and it comes in tiers that make very different privacy trade-offs.

The Hash-Prefix Design

The standard mode works from a local database. Google maintains lists of known-bad URLs, hashes each entry with SHA-256, truncates the hashes to short prefixes (typically 4 bytes), and ships the prefix list to your browser. Every page you visit is hashed locally and checked against that list on your device. For the overwhelming majority of pages, nothing matches and nothing is sent anywhere. Your browsing stays on your machine.

When a prefix does match, the browser cannot yet tell whether the page is actually bad: a 4-byte prefix is deliberately ambiguous, and many URLs share each one. So the browser asks the server for the full 32-byte hashes behind that prefix and compares locally. The server learns that someone encountered a URL whose hash starts with those bytes. It does not learn which one, and it cannot enumerate the candidates, because the space of URLs hashing to any given prefix is enormous.

If this mechanism sounds familiar, it is the same idea behind k-anonymity breach checking, where your password checker sends a hash prefix and gets back a bucket of candidates to compare on-device. Small disclosed handle, local comparison, no full secret revealed.

What a prefix hit still reveals

Prefix queries are rare and correlated with visiting flagged or recently flagged pages. A server that logs them sees timing, an IP address, and a prefix. Academic work has shown that combining several prefix queries from one client can sometimes narrow the candidate set considerably. The design reduces the leak to near-zero for normal browsing; it does not make the check-server blind.

Real-Time Checks and the Proxy Fix

A local list has a freshness problem: phishing sites now live for minutes, not days, and a list updated every half hour misses the window. So in 2024 Chrome moved its default protection to real-time hash-prefix lookups: instead of waiting for list updates, the browser queries prefixes as you browse.

That change would have meant far more queries hitting Google, each from your IP address. The mitigation is structural rather than promissory: Chrome routes these lookups through an Oblivious HTTP relay operated by a third party (Fastly). The relay sees your IP but not the query, which is encrypted to Google. Google sees the query but not your IP. Reading your browsing pattern would require the two companies to collude. Apple does something similar for Safari: since iOS 14.5, Safe Browsing traffic from Apple devices is proxied through Apple's own servers, so Google sees Apple, not you. (On devices with the region set to mainland China, Safari uses Tencent's equivalent service instead of Google's, which is its own jurisdictional trade-off.)

Enhanced Safe Browsing Is a Different Deal

Chrome also offers an opt-in tier called Enhanced Safe Browsing, and it abandons the hash-prefix discipline entirely. In Enhanced mode, Chrome sends actual URLs, and samples of page content, downloads, and extension activity, directly to Google for analysis, without the relay. If you are signed into Chrome, the data is linked to your Google account for a period. Google's own documentation is plain about this; the feature page says the data is used to improve protection for you and for everyone.

The protection is real: full URLs and content let Google catch novel phishing that no list has seen yet. But the privacy model has changed from "Google structurally cannot see my browsing" to "Google promises to handle my browsing data responsibly." Those are different guarantees, and the setting toggles between them with one switch. It is the same shape of trade-off as encrypted DNS: the question is never only "is the channel protected" but "who ends up holding the log."

Mode What leaves your device Who can link it to you
Standard (local list) Nothing for most pages; a hash prefix on rare matches Effectively nobody for normal browsing
Real-time via OHTTP relay Hash prefixes for many pages, encrypted through a relay Requires relay operator and Google to collude
Enhanced Safe Browsing Full URLs, page samples, download and extension data Google directly; linked to your account when signed in

Should You Turn It Off?

For almost everyone, no. Phishing and drive-by malware are among the few threats that reliably reach ordinary users, and Safe Browsing in its standard mode blocks a large amount of both at close to zero privacy cost. Turning it off to avoid a rare hash-prefix query is a bad trade against lookalike-domain phishing and credential-harvesting pages that visual inspection will not catch.

The settings worth an actual decision are the tiers above standard. Enhanced Safe Browsing is a meaningful data grant, and whether it is worth it depends on your threat model: a user who routinely faces targeted phishing may reasonably take the deal, while someone whose main concern is limiting profile-building at Google may reasonably decline it. People with high-risk profiles facing state-level adversaries should be thinking about stronger network anonymity anyway, since no reputation service addresses that layer.

The design lesson generalizes. Safe Browsing's standard mode is one of the better examples of a pattern worth demanding from any service that must check your activity against a server-side list: disclose the minimum handle, compare locally, and make linking your identity to your activity require collusion rather than trust. When a vendor skips that work and asks for the raw data instead, the burden of proof is on them.

Try Haven free for 15 days

Encrypted email and chat in one app. No credit card required.

Get Started →