Love the new changes in IE and the direction it is taking.
>IE11 allow you to turn off the SmartScreen filter right in the download UI.
Now only if chrome would do that I can keep myself from switching away from it. Its frustrating to know that everytime I download a file or save an image, the file hash, IP and the download URL is sent to Google. The whole NSA thing isn't making it better either. [1][2]
I know but that also turns off the malware links protection. I don't mind the malware site/link protection since it only sends in a small part of the URL's hash for matching (similar to how we have in Firefox). Comparatively, the file scanner requires the whole hash of the file, the clear text of the download URL and the IP address which I find far more intrusive to privacy. I am hoping for a future update where they would let us enable/disable them individually.
No, its more like this. You download a series of truncated hashes; you generate a bunch of permutations of your URL (strip the query params, strip components of the path/domain), you hash those, check them against your local list. If you get any matches, you request an expanded list from Google, giving them the truncated hashes that matched. This gives you a cacheable list of full hashes; you check your matched hashes against those full hashes, and if any match, then its a match.
I have used the Safe Browsing API for one of my projects and if I remember correctly, you are supposed to sent hash of the root domain along with the hash of the URL. Assuming it works similarly for browsers, once the root domain is blacklisted randomly generated URLs won't be able to get through.
Usually I groan when people complain about the Malware features in Chrome in relation to privacy but this is definitely one I'd not heard of. The hash of the whole file is bad enough, but even if it were unique, the full URL could easily contain sensitive information or information about the file contents.
Perhaps they are worried about the same url being used to serve multiple files. Eg: example.php/download/invoice.pdf might be customer / order specific.
Right, I can see why the hash of the file would be important, but I can't see why they would include the plain text URL instead of a hash.
It would be interesting to have a hash of a file that could identify embedded data but exclude private data. For instance, for a Microsoft Office file it would include hashes of embedded binary assets but exclude the text of the document.
>IE11 allow you to turn off the SmartScreen filter right in the download UI.
Now only if chrome would do that I can keep myself from switching away from it. Its frustrating to know that everytime I download a file or save an image, the file hash, IP and the download URL is sent to Google. The whole NSA thing isn't making it better either. [1][2]
[1] http://superuser.com/questions/387724/how-to-disable-downloa... [2] http://blog.chromium.org/2012/01/all-about-safe-browsing.htm...