How to prevent Firefox from sending downloaded file information to Google - gHacks Tech News

How to prevent Firefox from sending downloaded file information to Google

Starting with Firefox 32, Mozilla will check file downloads against Google's application reputation database which is powering Chrome's Safe Browsing feature since 2012.

If you have read the release notes of Firefox 31, you may have noticed the entry "block malware from downloaded files" under What's New.

The integration of the feature in Firefox 31 is the first step in the implementation which will be completed when Firefox 32 is released to the public in six weeks.

In Firefox 31, a local list is used to determine whether a downloaded file is malicious or not. This downloaded list is updated regularly, ans whenever a download is being made, that download is checked against the list to make sure it is not malicious in nature.

Note: Firefox will only check executable files and not other file types.

From Firefox 32 on, downloads are checked against the local list and a remote list if the local list does not return a hit. This remote list is maintained by Google, and to access it, information about the download are submitted in the process.

While the file itself does not get transferred, its SHA-256 hash value as well as other information such as the suggested file name for the download, the length of the file in bytes and the url the file was downloaded from are.

Example screenshot of a download that Chrome blocked as malicious

chrome is malicious

How to block the sending of information to Google

While the implementation of download checks in Firefox may help some users avoid malware downloads, others may dislike the integration of the feature.

A core reason is privacy since information about file downloads are submitted to Google. Not only are information submitted, but the request itself will reveal additional information such as the IP address of the computer the request came from.

If you have deployed antivirus software on your system, it may also be unnecessary to use the Firefox implementation as the software may protect the system from malicious downloads automatically.

Last but not least, false positives are also a possibility.

To disable the application reputation check in Firefox, do the following:

  1. Type about:config in the browser's address bar and hit the enter key.
  2. Confirm that you will be careful if a warning message is displayed.
  3. Search for browser.safebrowsing.appRepURL.
  4. Double-click the preference and replace its value with a blank.

disable file download checks

Removing the address from the preference blocks the sending of information to Google.

It is alternatively possible to disable Safe Browsing completely.

  1. Load about:preferences in Firefox's address bar.
  2. Switch to Security in the sidebar on the left.
  3. Disable the entries "Block reported attack sites" and "block reported web forgeries".

Additional features about the application reputation feature are available on Mozilla's Wiki.

Now Read: An in-depth Firefox security guide

Summary
How to prevent Firefox from sending downloaded file information to Google
Article Name
How to prevent Firefox from sending downloaded file information to Google
Description
Find out how to block Firefox from sending information about downloaded files to Google.
Author




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. John P said on July 23, 2014 at 9:52 am
      Reply

      Can you write up one for IE’s SmartScreen Filter? It’s basically the same thing, but sending info to MS’s database.

      1. Martin Brinkmann said on July 23, 2014 at 10:47 am
        Reply
        1. Niks said on July 23, 2014 at 2:41 pm
          Reply

          Any way to disable remote list checking ?

        2. Martin Brinkmann said on July 23, 2014 at 2:47 pm
          Reply

          In Firefox? By setting the url to blank.

        3. Niks said on July 23, 2014 at 3:14 pm
          Reply

          This post is about the local list method or remote list method ? :/

        4. Martin Brinkmann said on July 23, 2014 at 3:21 pm
          Reply

          According to Mozilla’s wiki, setting the string to blank disables the application reputation checks. https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc#How_to_turn_off_this_feature

    2. kktkkr said on July 23, 2014 at 9:53 am
      Reply

      I’m still not a fan of blocking the download options entirely, especially with the possibility for massive inconvenience in the case of a false positive, and the notion of it sounds a little like censorship (even though Firefox already does the blocking similarly for websites).

      The part that interests me is that the Mozilla Wiki article (and the original tracking bug it links to) makes no mention of the impact of add-ons. Can an add-on bypass the usual route for file downloads and thus avoid this malware check? An add-on which does this probably will not get approved by the AMO repository, but if it is possible it might weaken the protection offered by this feature.

    3. xtremezz said on July 23, 2014 at 10:37 am
      Reply

      As if getting rid of that obstinate Google PREF cookie wasn’t hard enough already. Ironic given that the first page you see on upgrading to FF 31 mentions Firefox being #1 in privacy, if I recall correctly.

      Disabled it yesterday, but let’s be honest, how many people actually read release notes?

      At any rate, “block malware from downloaded files” sounds better than “have Google check every file you download”.

    4. mike said on July 23, 2014 at 1:50 pm
      Reply

      if the one has safebrowsing enabled then data will reach google anyway and same if he or she uses virustotal you know.

    5. ken said on July 23, 2014 at 2:13 pm
      Reply

      can I allow download anyway or it’s blocked for good I mean what options are hidden under dismiss scrolldown menu?

      1. Martin Brinkmann said on July 23, 2014 at 2:15 pm
        Reply

        In Chrome, none at all. In Firefox, no idea as the feature is not available yet.

        1. ken said on July 23, 2014 at 2:48 pm
          Reply

          even in nightly? so how you disable it in chrome then if at all possible?

        2. Martin Brinkmann said on July 23, 2014 at 2:49 pm
          Reply

          You need to disable “enable phishing and malware protection” on the chrome://settings/ page.

    6. racorbin said on July 23, 2014 at 2:34 pm
      Reply

      Should the entries

      browser.safebrowsing.updateURL;
      browser.safebrowsing.reportURL;
      browser.safebrowsing.gethashURL;
      browser.safebrowsing.malware.reportURL be blanked out also???

      For those interested Pale Moon (and Pale Moon for Linux) currently do not have these entries.

      1. Martin Brinkmann said on July 23, 2014 at 2:47 pm
        Reply

        If you don’t require safebrowsing then you can simply disable the feature completely by setting browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled to false.

        1. racorbin said on July 23, 2014 at 2:59 pm
          Reply

          Yes, that makes sense. But I like the safe browsing idea of checking against a list on my PC (or against Web of Trust). What I dont like is sending anything to Google. A previous comment by “mike” indicated that if safebrowsing is enabled, google will be contacted regardless of these config changes.

          Another question: if Web of Trust is enabled, is that “sufficient” for protection?

        2. Martin Brinkmann said on July 23, 2014 at 3:08 pm
          Reply

          Web of Trust is only offering reputation ratings for websites, not downloads as far as I know.

        3. Chris said on July 25, 2014 at 8:12 am
          Reply

          Does firefox’s “block reported attack sites and web forgeries” check a local block list or send URLs to the cloud?

          Mozilla is getting less trustworthy with every new release. How do we know Firefox Sync is really off? Is Mozilla collecting history and bookmarks to sell to Google?

    7. David said on July 23, 2014 at 9:05 pm
      Reply

      My version of Pale Moon (24.6.2 (x64)) has those entries with addresses. I just followed Martin’s advice and also set the following entries to false.

      services.sync.prefs.sync.browser.safebrowsing.enabled
      services.sync.prefs.sync.browser.safebrowsing.malware.enabled

    8. MozillaTards said on July 23, 2014 at 9:55 pm
      Reply

      Mozilla has become dodgy as fucking scum like Google.

    9. Smith said on July 24, 2014 at 8:08 pm
      Reply

      Is there any way to

      1. have safebrowsing for websites enabled, and,
      2. have this local-anti-malware function enabled also, but without sending new files to google?

      Regards,
      Smith

    10. p3t3r said on July 27, 2014 at 7:34 am
      Reply

      Hi @all!

      Currently i’m testing Firefox 31 esr. I had disabled the above mentioned safety-options in firefox. Under FF31 i disabled the adblock-addons and i use only Ghostery and NoScript. Together with the new engine FF starts faster and reacts smoother while surfing or streaming video.

      My two cents for safe browsing:

      Ghostery needs a little modification of settings, because not all known cookies and trackers are blocked by default. Also the Ghostrank-checkbox should be deactivated for privacy reasons and performance (traffic).

      NoScript is able to block most of advertising, so adblock seems obsolete. ABP is known as a RAM-Hog. I didn’t have the time to check all my facourites regarding ad-free behaviour under NoScript.

      In common it makes more sense to check a file with an AVP after downloading.

      Otherwise it would make sense to work with different profiles: a slim one when browsing on well-known sites you can trust and a “Fort-Knox-Hi-Security-Profile” when surfing thru the net on the search for “warez’n’stuff”.

      Kind regards

      p3t3r

    11. Bindee said on September 24, 2014 at 10:58 am
      Reply

      browser.safebrowsing.appRepURL

      This no longer shows in the latest version of firefox , Has it now been disabled by default or has the name changed ?

      Thanks

      1. Martin Brinkmann said on September 24, 2014 at 11:21 am
        Reply

        Still listed in my version of Firefox (latest Nightly).

    12. Bindee said on September 25, 2014 at 12:40 am
      Reply

      Firefox 32.0.2 – standard web update.

      Just checked my two desktops and a laptop all running standard installs of the latest firefox 32.0.2 web version and none show *..appRepURL in about:config ?

      The laptop is windows XP 32bit and the desktops are Win 8 64bit.

      :headscratch:

      1. Bindee said on September 25, 2014 at 7:14 am
        Reply

        I should point out i meant ” browser.safebrowsing.appRepURL ” and not the short version of *..appRepURL in my post incase that gave the impression that is what i was looking for.

        It existed before i upgraded to 32.0.2

        I done a fresh install , i wonder if it would have still shown in the config if i had just installed over the previous version?

    13. Tammo said on September 27, 2014 at 10:23 am
      Reply

      Not just Bindee

      I installed the latest 32.0.3 that came out a couple of days ago and it no longer shows.

      Have they hidden it or renamed it , maybe Martin Brinkmann could look into it ?

      1. Martin Brinkmann said on September 27, 2014 at 10:43 am
        Reply

        I just checked in Firefox Stable and it is not there anymore. It still exists in Firefox Nightly though. Maybe Mozilla removed it from stable versions of the browser?

        1. Bindee said on September 27, 2014 at 10:50 am
          Reply

          Thanks both for confirming it.

          Lets hope it has been removed and not set to be permanently enabled.

    14. Declan said on October 23, 2014 at 12:47 pm
      Reply

      It’s still not there in the latest 33.0 revision. ?

    15. Martin said on August 17, 2015 at 12:42 pm
      Reply

      Danke !!

    16. R2D2 said on December 18, 2016 at 8:29 pm
      Reply

      In FireFox ver 50 there are 2 reporting addresses. Look for these two:
      browser.safebrowsing.provider.google.reportURL
      browser.safebrowsing.provider.google4.reportURL

    17. gogoleis [email protected] said on March 1, 2017 at 5:10 am
      Reply

      *.safebrowsing.*URL

      Evil mask Destroy all

      with calming blankkkkkkkkkkkkkkkkkkkkkkkkkkkkkk

    Leave a Reply