They use the same tracking system Google uses to create unique keys, except
they built their own. That means the microtime of installation is sent to
the mothership every single time someone pulls down the anti-phishing and
anti-malware lists (from 10.76.1.11) in the browser. This microtime is
easily enough information to decloak people, which is presumably the same
reason Google built it into the browser.
Unique user key that was used for pre-HTTPS SafeBrowsing updates? It was necessary to get the updates MACed before Google had full HTTPS deployment. You got the key over HTTPS, then all subsequent HTTP downloads could use that key for message authentication.
Also, I kind of dislike the alarmist tone of this paragraph. Saying that google's anti malware blacklist (used by all browsers out there aside of IE) is a secret plan to de-anonymize people by using a microtime of a request timestamp seems... far fetched.
I don't know where microtimes comes from either. It's entirely possible the per-user key is or contains a microtime - I've never investigated.
The per-user key does allow the entity operating the blacklist to easily detect any user who's moving between network access points. This is known. The feature is and was always stripped out in stuff like Tor browser for that reason.
There's good reasons to believe it wasn't malicious (it was necessary for secure updates pre-universal-HTTPS, and was removed as soon as HTTPS was deployed universally at Google), but it's also not really arguable it could be used for that purpose, either.
No, not at all. SafeBrowsing had a separate encryption/MAC key. I think some of the confusion is because the parent poster posted a link to v3 of the protocol, which dropped the key in favor of HTTPS, but the old Firefox version implements v2.
According to Mozilla this cookie is only used by the Safe Browsing client code and isn't sent to Google through regular web browsing (private mode or otherwise). However, the Lumber Cartel (there is no Lumber Cartel) wood be able to use this cookie to fingerprint web browsers and so track people as they move among Internet connections. Those of us who are double super extra paranoid disable Safe Browsing in order to prevent this.
>Saying that google's anti malware blacklist (used by all browsers out there aside of IE) is a secret plan to de-anonymize people by using a microtime of a request timestamp seems... far fetched.
Uh, not really. Tracking users is at the heart of their business model.
Because they have ample means of tracking users aside of sneakily and under false pretences trying to deanonymize requests to a malware protection service they provide.
>Because they have ample means of tracking users aside of sneakily and under false pretences
eyeroll If they were above being sneaky and operating under false pretences they wouldn't have blatantly ignored "do not track".
I'm sure they will never feel like they have enough means of tracking users, either. Every means they develop helps improve their targeting, puts them ahead of their competition and has a direct impact on their bottom line.
It's not about knowing who you are, but knowing that you're the same user that searched for "villas in france" when you're later browsing another site and they have an ad that fits.
I actually worked on a vacation rental site for some time, and as a result of queries I did for research, I ended up "only" seeing ads for one of the major companies in the sector for weeks on end.
But there is of course potential for abuse if someone gets hold of that data.
I have a general idea of how it works or could work, which is why I gave the example of retargeting. But is there proof they actually do it and it's "at the heart of their business model"?
There was recently an article on using HSTS as a sort of super cookie. Yet it doesn't seem to actually be in use[1].
There is a lot of rumour around Google. For example that they use Google Analytics data for ranking. Yet it rarely comes with any proof.
Google makes a significant portion of revenue from their content network, which are ads that are displayed on other websites. They also offer remarketing, which allows an advertiser to display their ads across the content network to people who have visited the advertiser's website.
