How to prevent Firefox from sending downloaded file information to Google
Starting with Firefox 32, Mozilla will check file downloads against Google's application reputation database, which has powered Chrome's Safe Browsing feature since 2012.
If you have read the release notes of Firefox 31, you may have noticed the entry "block malware from downloaded files" under What's New.
The integration of the feature in Firefox 31 is the first step in the implementation which will be completed when Firefox 32 is released to the public in six weeks.
In Firefox 31, a local list is used to determine whether a downloaded file is malicious or not. This downloaded list is updated regularly, and whenever a download is being made, that download is checked against the list to make sure it is not malicious in nature.
Note: Firefox will only check executable files and not other file types.
From Firefox 32 on, downloads are checked against the local list and, if the local list does not return a hit, against a remote list. This remote list is maintained by Google, and to access it, information about the download is submitted in the process.
While the file itself does not get transferred, its SHA-256 hash value is, along with other information such as the suggested file name for the download, the length of the file in bytes and the URL the file was downloaded from.
Example screenshot of a download that Chrome blocked as malicious
How to block the sending of information to Google
While the implementation of download checks in Firefox may help some users avoid malware downloads, others may dislike the integration of the feature.
A core reason is privacy, since information about file downloads is submitted to Google. Not only is that information submitted, but the request itself reveals additional information such as the IP address of the computer the request came from.
If you have deployed antivirus software on your system, it may also be unnecessary to use the Firefox implementation as the software may protect the system from malicious downloads automatically.
Last but not least, false positives are also a possibility.
To disable the application reputation check in Firefox, do the following:
- Type about:config in the browser's address bar and hit the enter key.
- Confirm that you will be careful if a warning message is displayed.
- Search for browser.safebrowsing.appRepURL.
- Double-click the preference and replace its value with a blank.
Removing the address from the preference blocks the sending of information to Google.
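To confirm the change took effect, a profile's prefs.js can be checked for the preference. The following is an added example, not code from this article or from Mozilla; it assumes prefs.js holds one user_pref(...) line per preference changed from its default, and the sample content is constructed.

```python
import json
import re

# Preference named in the article's procedure.
APP_REP_URL = "browser.safebrowsing.appRepURL"
# Preferences named in the comments for switching Safe Browsing off entirely.
SB_FLAGS = ("browser.safebrowsing.enabled", "browser.safebrowsing.malware.enabled")

# Matches one user_pref("name", value); statement per line.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample, not taken from a real profile.
SAMPLE = '''\
// Constructed prefs.js excerpt
user_pref("browser.safebrowsing.appRepURL", "");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.startup.page", 3);
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything else
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than guess
    return prefs

def remote_lookup_status(prefs):
    """Classify the remote download check as the article's steps leave it."""
    if APP_REP_URL not in prefs:
        # Not overridden in this profile: the browser default applies, or
        # the preference does not exist in this Firefox version.
        return "default"
    return "disabled" if prefs[APP_REP_URL] == "" else "enabled"

def safebrowsing_flags(prefs):
    """Report each Safe Browsing switch; None means not overridden."""
    return {name: prefs.get(name) for name in SB_FLAGS}

if __name__ == "__main__":
    parsed = parse_prefs(SAMPLE)
    print(remote_lookup_status(parsed), safebrowsing_flags(parsed))
```

A result of "default" means the profile does not override the preference, so the outcome depends on what the installed Firefox version ships with.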
It is alternatively possible to disable Safe Browsing completely.
- Load about:preferences in Firefox's address bar.
- Switch to Security in the sidebar on the left.
- Disable the entries "Block reported attack sites" and "Block reported web forgeries".
Additional details about the application reputation feature are available on Mozilla's Wiki.
Can you write up one for IE’s SmartScreen Filter? It’s basically the same thing, but sending info to MS’s database.
Here you go: https://www.ghacks.net/2012/11/03/turn-off-windows-protected-your-pc-windows-smartscreen/
Any way to disable remote list checking ?
In Firefox? By setting the url to blank.
This post is about the local list method or remote list method ? :/
According to Mozilla’s wiki, setting the string to blank disables the application reputation checks. https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc#How_to_turn_off_this_feature
I’m still not a fan of blocking the download options entirely, especially with the possibility for massive inconvenience in the case of a false positive, and the notion of it sounds a little like censorship (even though Firefox already does the blocking similarly for websites).
The part that interests me is that the Mozilla Wiki article (and the original tracking bug it links to) makes no mention of the impact of add-ons. Can an add-on bypass the usual route for file downloads and thus avoid this malware check? An add-on which does this probably will not get approved by the AMO repository, but if it is possible it might weaken the protection offered by this feature.
As if getting rid of that obstinate Google PREF cookie wasn’t hard enough already. Ironic given that the first page you see on upgrading to FF 31 mentions Firefox being #1 in privacy, if I recall correctly.
Disabled it yesterday, but let’s be honest, how many people actually read release notes?
At any rate, “block malware from downloaded files” sounds better than “have Google check every file you download”.
if the one has safebrowsing enabled then data will reach google anyway and same if he or she uses virustotal you know.
can I allow download anyway or it’s blocked for good I mean what options are hidden under dismiss scrolldown menu?
In Chrome, none at all. In Firefox, no idea as the feature is not available yet.
even in nightly? so how you disable it in chrome then if at all possible?
You need to disable “enable phishing and malware protection” on the chrome://settings/ page.
Should the entries
browser.safebrowsing.malware.reportURL be blanked out also???
For those interested Pale Moon (and Pale Moon for Linux) currently do not have these entries.
If you don’t require safebrowsing then you can simply disable the feature completely by setting browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled to false.
Yes, that makes sense. But I like the safe browsing idea of checking against a list on my PC (or against Web of Trust). What I don’t like is sending anything to Google. A previous comment by “mike” indicated that if safebrowsing is enabled, google will be contacted regardless of these config changes.
Another question: if Web of Trust is enabled, is that “sufficient” for protection?
Web of Trust is only offering reputation ratings for websites, not downloads as far as I know.
Does firefox’s “block reported attack sites and web forgeries” check a local block list or send URLs to the cloud?
Mozilla is getting less trustworthy with every new release. How do we know Firefox Sync is really off? Is Mozilla collecting history and bookmarks to sell to Google?
My version of Pale Moon (24.6.2 (x64)) has those entries with addresses. I just followed Martin’s advice and also set the following entries to false.
Mozilla has become dodgy as fucking scum like Google.
Is there any way to
1. have safebrowsing for websites enabled, and,
2. have this local-anti-malware function enabled also, but without sending new files to google?
Currently i’m testing Firefox 31 esr. I had disabled the above mentioned safety-options in firefox. Under FF31 i disabled the adblock-addons and i use only Ghostery and NoScript. Together with the new engine FF starts faster and reacts smoother while surfing or streaming video.
My two cents for safe browsing:
Ghostery needs a little modification of settings, because not all known cookies and trackers are blocked by default. Also the Ghostrank-checkbox should be deactivated for privacy reasons and performance (traffic).
NoScript is able to block most of advertising, so adblock seems obsolete. ABP is known as a RAM-Hog. I didn’t have the time to check all my favourites regarding ad-free behaviour under NoScript.
In common it makes more sense to check a file with an AVP after downloading.
Otherwise it would make sense to work with different profiles: a slim one when browsing on well-known sites you can trust and a “Fort-Knox-Hi-Security-Profile” when surfing thru the net on the search for “warez’n’stuff”.
This no longer shows in the latest version of firefox , Has it now been disabled by default or has the name changed ?
Still listed in my version of Firefox (latest Nightly).
Firefox 32.0.2 – standard web update.
Just checked my two desktops and a laptop all running standard installs of the latest firefox 32.0.2 web version and none show *..appRepURL in about:config ?
The laptop is windows XP 32bit and the desktops are Win 8 64bit.
I should point out i meant ” browser.safebrowsing.appRepURL ” and not the short version of *..appRepURL in my post in case that gave the impression that is what i was looking for.
It existed before i upgraded to 32.0.2
I did a fresh install, I wonder if it would have still shown in the config if I had just installed over the previous version?
Not just Bindee
I installed the latest 32.0.3 that came out a couple of days ago and it no longer shows.
Have they hidden it or renamed it , maybe Martin Brinkmann could look into it ?
I just checked in Firefox Stable and it is not there anymore. It still exists in Firefox Nightly though. Maybe Mozilla removed it from stable versions of the browser?
Thanks both for confirming it.
Lets hope it has been removed and not set to be permanently enabled.
It’s still not there in the latest 33.0 revision. ?
In FireFox ver 50 there are 2 reporting addresses. Look for these two:
Evil mask Destroy all
with calming blankkkkkkkkkkkkkkkkkkkkkkkkkkkkkk