How to prevent Firefox from sending downloaded file information to Google

Starting with Firefox 32, Mozilla will check file downloads against Google's application reputation database which is powering Chrome's Safe Browsing feature since 2012.

If you have read the release notes of Firefox 31, you may have noticed the entry "block malware from downloaded files" under What's New.

The integration of the feature in Firefox 31 is the first step in the implementation which will be completed when Firefox 32 is released to the public in six weeks.

In Firefox 31, a local list is used to determine whether a downloaded file is malicious or not. This downloaded list is updated regularly, ans whenever a download is being made, that download is checked against the list to make sure it is not malicious in nature.

Note: Firefox will only check executable files and not other file types.

From Firefox 32 on, downloads are checked against the local list and a remote list if the local list does not return a hit. This remote list is maintained by Google, and to access it, information about the download are submitted in the process.

While the file itself does not get transferred, its SHA-256 hash value as well as other information such as the suggested file name for the download, the length of the file in bytes and the url the file was downloaded from are.

Example screenshot of a download that Chrome blocked as malicious

chrome is malicious

How to block the sending of information to Google

While the implementation of download checks in Firefox may help some users avoid malware downloads, others may dislike the integration of the feature.

A core reason is privacy since information about file downloads are submitted to Google. Not only are information submitted, but the request itself will reveal additional information such as the IP address of the computer the request came from.

If you have deployed antivirus software on your system, it may also be unnecessary to use the Firefox implementation as the software may protect the system from malicious downloads automatically.

Last but not least, false positives are also a possibility.

To disable the application reputation check in Firefox, do the following:

  1. Type about:config in the browser's address bar and hit the enter key.
  2. Confirm that you will be careful if a warning message is displayed.
  3. Search for browser.safebrowsing.appRepURL.
  4. Double-click the preference and replace its value with a blank.

disable file download checks

Removing the address from the preference blocks the sending of information to Google.

It is alternatively possible to disable Safe Browsing completely.

  1. Load about:preferences in Firefox's address bar.
  2. Switch to Security in the sidebar on the left.
  3. Disable the entries "Block reported attack sites" and "block reported web forgeries".

Additional features about the application reputation feature are available on Mozilla's Wiki.

Now Read: An in-depth Firefox security guide

Summary
Article Name
How to prevent Firefox from sending downloaded file information to Google
Author
Description
Find out how to block Firefox from sending information about downloaded files to Google.
Please share this article

facebooktwittergoogle_plusredditlinkedinmail


Responses to How to prevent Firefox from sending downloaded file information to Google

  1. John P July 23, 2014 at 9:52 am #

    Can you write up one for IE's SmartScreen Filter? It's basically the same thing, but sending info to MS's database.

  2. kktkkr July 23, 2014 at 9:53 am #

    I'm still not a fan of blocking the download options entirely, especially with the possibility for massive inconvenience in the case of a false positive, and the notion of it sounds a little like censorship (even though Firefox already does the blocking similarly for websites).

    The part that interests me is that the Mozilla Wiki article (and the original tracking bug it links to) makes no mention of the impact of add-ons. Can an add-on bypass the usual route for file downloads and thus avoid this malware check? An add-on which does this probably will not get approved by the AMO repository, but if it is possible it might weaken the protection offered by this feature.

  3. xtremezz July 23, 2014 at 10:37 am #

    As if getting rid of that obstinate Google PREF cookie wasn't hard enough already. Ironic given that the first page you see on upgrading to FF 31 mentions Firefox being #1 in privacy, if I recall correctly.

    Disabled it yesterday, but let's be honest, how many people actually read release notes?

    At any rate, "block malware from downloaded files" sounds better than "have Google check every file you download".

  4. mike July 23, 2014 at 1:50 pm #

    if the one has safebrowsing enabled then data will reach google anyway and same if he or she uses virustotal you know.

  5. ken July 23, 2014 at 2:13 pm #

    can I allow download anyway or it's blocked for good I mean what options are hidden under dismiss scrolldown menu?

    • Martin Brinkmann July 23, 2014 at 2:15 pm #

      In Chrome, none at all. In Firefox, no idea as the feature is not available yet.

      • ken July 23, 2014 at 2:48 pm #

        even in nightly? so how you disable it in chrome then if at all possible?

      • Martin Brinkmann July 23, 2014 at 2:49 pm #

        You need to disable "enable phishing and malware protection" on the chrome://settings/ page.

  6. racorbin July 23, 2014 at 2:34 pm #

    Should the entries

    browser.safebrowsing.updateURL;
    browser.safebrowsing.reportURL;
    browser.safebrowsing.gethashURL;
    browser.safebrowsing.malware.reportURL be blanked out also???

    For those interested Pale Moon (and Pale Moon for Linux) currently do not have these entries.

    • Martin Brinkmann July 23, 2014 at 2:47 pm #

      If you don't require safebrowsing then you can simply disable the feature completely by setting browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled to false.

  7. David July 23, 2014 at 9:05 pm #

    My version of Pale Moon (24.6.2 (x64)) has those entries with addresses. I just followed Martin's advice and also set the following entries to false.

    services.sync.prefs.sync.browser.safebrowsing.enabled
    services.sync.prefs.sync.browser.safebrowsing.malware.enabled

  8. MozillaTards July 23, 2014 at 9:55 pm #

    Mozilla has become dodgy as fucking scum like Google.

  9. Smith July 24, 2014 at 8:08 pm #

    Is there any way to

    1. have safebrowsing for websites enabled, and,
    2. have this local-anti-malware function enabled also, but without sending new files to google?

    Regards,
    Smith

  10. p3t3r July 27, 2014 at 7:34 am #

    Hi @all!

    Currently i'm testing Firefox 31 esr. I had disabled the above mentioned safety-options in firefox. Under FF31 i disabled the adblock-addons and i use only Ghostery and NoScript. Together with the new engine FF starts faster and reacts smoother while surfing or streaming video.

    My two cents for safe browsing:

    Ghostery needs a little modification of settings, because not all known cookies and trackers are blocked by default. Also the Ghostrank-checkbox should be deactivated for privacy reasons and performance (traffic).

    NoScript is able to block most of advertising, so adblock seems obsolete. ABP is known as a RAM-Hog. I didn't have the time to check all my facourites regarding ad-free behaviour under NoScript.

    In common it makes more sense to check a file with an AVP after downloading.

    Otherwise it would make sense to work with different profiles: a slim one when browsing on well-known sites you can trust and a "Fort-Knox-Hi-Security-Profile" when surfing thru the net on the search for "warez'n'stuff".

    Kind regards

    p3t3r

  11. Bindee September 24, 2014 at 10:58 am #

    browser.safebrowsing.appRepURL

    This no longer shows in the latest version of firefox , Has it now been disabled by default or has the name changed ?

    Thanks

    • Martin Brinkmann September 24, 2014 at 11:21 am #

      Still listed in my version of Firefox (latest Nightly).

  12. Bindee September 25, 2014 at 12:40 am #

    Firefox 32.0.2 - standard web update.

    Just checked my two desktops and a laptop all running standard installs of the latest firefox 32.0.2 web version and none show *..appRepURL in about:config ?

    The laptop is windows XP 32bit and the desktops are Win 8 64bit.

    :headscratch:

    • Bindee September 25, 2014 at 7:14 am #

      I should point out i meant " browser.safebrowsing.appRepURL " and not the short version of *..appRepURL in my post incase that gave the impression that is what i was looking for.

      It existed before i upgraded to 32.0.2

      I done a fresh install , i wonder if it would have still shown in the config if i had just installed over the previous version?

  13. Tammo September 27, 2014 at 10:23 am #

    Not just Bindee

    I installed the latest 32.0.3 that came out a couple of days ago and it no longer shows.

    Have they hidden it or renamed it , maybe Martin Brinkmann could look into it ?

    • Martin Brinkmann September 27, 2014 at 10:43 am #

      I just checked in Firefox Stable and it is not there anymore. It still exists in Firefox Nightly though. Maybe Mozilla removed it from stable versions of the browser?

      • Bindee September 27, 2014 at 10:50 am #

        Thanks both for confirming it.

        Lets hope it has been removed and not set to be permanently enabled.

Leave a Reply