How to prevent Firefox from sending downloaded file information to Google - gHacks Tech News

How to prevent Firefox from sending downloaded file information to Google

Starting with Firefox 32, Mozilla will check file downloads against Google's application reputation database which is powering Chrome's Safe Browsing feature since 2012.

If you have read the release notes of Firefox 31, you may have noticed the entry "block malware from downloaded files" under What's New.

The integration of the feature in Firefox 31 is the first step in the implementation which will be completed when Firefox 32 is released to the public in six weeks.

In Firefox 31, a local list is used to determine whether a downloaded file is malicious or not. This downloaded list is updated regularly, ans whenever a download is being made, that download is checked against the list to make sure it is not malicious in nature.

Note: Firefox will only check executable files and not other file types.

From Firefox 32 on, downloads are checked against the local list and a remote list if the local list does not return a hit. This remote list is maintained by Google, and to access it, information about the download are submitted in the process.

While the file itself does not get transferred, its SHA-256 hash value as well as other information such as the suggested file name for the download, the length of the file in bytes and the url the file was downloaded from are.

Example screenshot of a download that Chrome blocked as malicious

chrome is malicious

How to block the sending of information to Google

While the implementation of download checks in Firefox may help some users avoid malware downloads, others may dislike the integration of the feature.

A core reason is privacy since information about file downloads are submitted to Google. Not only are information submitted, but the request itself will reveal additional information such as the IP address of the computer the request came from.

If you have deployed antivirus software on your system, it may also be unnecessary to use the Firefox implementation as the software may protect the system from malicious downloads automatically.

Last but not least, false positives are also a possibility.

To disable the application reputation check in Firefox, do the following:

  1. Type about:config in the browser's address bar and hit the enter key.
  2. Confirm that you will be careful if a warning message is displayed.
  3. Search for browser.safebrowsing.appRepURL.
  4. Double-click the preference and replace its value with a blank.

disable file download checks

Removing the address from the preference blocks the sending of information to Google.

It is alternatively possible to disable Safe Browsing completely.

  1. Load about:preferences in Firefox's address bar.
  2. Switch to Security in the sidebar on the left.
  3. Disable the entries "Block reported attack sites" and "block reported web forgeries".

Additional features about the application reputation feature are available on Mozilla's Wiki.

Now Read: An in-depth Firefox security guide

Summary
How to prevent Firefox from sending downloaded file information to Google
Article Name
How to prevent Firefox from sending downloaded file information to Google
Description
Find out how to block Firefox from sending information about downloaded files to Google.
Author
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. John P said on July 23, 2014 at 9:52 am
    Reply

    Can you write up one for IE’s SmartScreen Filter? It’s basically the same thing, but sending info to MS’s database.

    1. Martin Brinkmann said on July 23, 2014 at 10:47 am
      Reply
      1. Niks said on July 23, 2014 at 2:41 pm
        Reply

        Any way to disable remote list checking ?

      2. Martin Brinkmann said on July 23, 2014 at 2:47 pm
        Reply

        In Firefox? By setting the url to blank.

      3. Niks said on July 23, 2014 at 3:14 pm
        Reply

        This post is about the local list method or remote list method ? :/

      4. Martin Brinkmann said on July 23, 2014 at 3:21 pm
        Reply

        According to Mozilla’s wiki, setting the string to blank disables the application reputation checks. https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc#How_to_turn_off_this_feature

  2. kktkkr said on July 23, 2014 at 9:53 am
    Reply

    I’m still not a fan of blocking the download options entirely, especially with the possibility for massive inconvenience in the case of a false positive, and the notion of it sounds a little like censorship (even though Firefox already does the blocking similarly for websites).

    The part that interests me is that the Mozilla Wiki article (and the original tracking bug it links to) makes no mention of the impact of add-ons. Can an add-on bypass the usual route for file downloads and thus avoid this malware check? An add-on which does this probably will not get approved by the AMO repository, but if it is possible it might weaken the protection offered by this feature.

  3. xtremezz said on July 23, 2014 at 10:37 am
    Reply

    As if getting rid of that obstinate Google PREF cookie wasn’t hard enough already. Ironic given that the first page you see on upgrading to FF 31 mentions Firefox being #1 in privacy, if I recall correctly.

    Disabled it yesterday, but let’s be honest, how many people actually read release notes?

    At any rate, “block malware from downloaded files” sounds better than “have Google check every file you download”.

  4. mike said on July 23, 2014 at 1:50 pm
    Reply

    if the one has safebrowsing enabled then data will reach google anyway and same if he or she uses virustotal you know.

  5. ken said on July 23, 2014 at 2:13 pm
    Reply

    can I allow download anyway or it’s blocked for good I mean what options are hidden under dismiss scrolldown menu?

    1. Martin Brinkmann said on July 23, 2014 at 2:15 pm
      Reply

      In Chrome, none at all. In Firefox, no idea as the feature is not available yet.

      1. ken said on July 23, 2014 at 2:48 pm
        Reply

        even in nightly? so how you disable it in chrome then if at all possible?

      2. Martin Brinkmann said on July 23, 2014 at 2:49 pm
        Reply

        You need to disable “enable phishing and malware protection” on the chrome://settings/ page.

  6. racorbin said on July 23, 2014 at 2:34 pm
    Reply

    Should the entries

    browser.safebrowsing.updateURL;
    browser.safebrowsing.reportURL;
    browser.safebrowsing.gethashURL;
    browser.safebrowsing.malware.reportURL be blanked out also???

    For those interested Pale Moon (and Pale Moon for Linux) currently do not have these entries.

    1. Martin Brinkmann said on July 23, 2014 at 2:47 pm
      Reply

      If you don’t require safebrowsing then you can simply disable the feature completely by setting browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled to false.

      1. racorbin said on July 23, 2014 at 2:59 pm
        Reply

        Yes, that makes sense. But I like the safe browsing idea of checking against a list on my PC (or against Web of Trust). What I dont like is sending anything to Google. A previous comment by “mike” indicated that if safebrowsing is enabled, google will be contacted regardless of these config changes.

        Another question: if Web of Trust is enabled, is that “sufficient” for protection?

      2. Martin Brinkmann said on July 23, 2014 at 3:08 pm
        Reply

        Web of Trust is only offering reputation ratings for websites, not downloads as far as I know.

      3. Chris said on July 25, 2014 at 8:12 am
        Reply

        Does firefox’s “block reported attack sites and web forgeries” check a local block list or send URLs to the cloud?

        Mozilla is getting less trustworthy with every new release. How do we know Firefox Sync is really off? Is Mozilla collecting history and bookmarks to sell to Google?

  7. David said on July 23, 2014 at 9:05 pm
    Reply

    My version of Pale Moon (24.6.2 (x64)) has those entries with addresses. I just followed Martin’s advice and also set the following entries to false.

    services.sync.prefs.sync.browser.safebrowsing.enabled
    services.sync.prefs.sync.browser.safebrowsing.malware.enabled

  8. MozillaTards said on July 23, 2014 at 9:55 pm
    Reply

    Mozilla has become dodgy as fucking scum like Google.

  9. Smith said on July 24, 2014 at 8:08 pm
    Reply

    Is there any way to

    1. have safebrowsing for websites enabled, and,
    2. have this local-anti-malware function enabled also, but without sending new files to google?

    Regards,
    Smith

  10. p3t3r said on July 27, 2014 at 7:34 am
    Reply

    Hi @all!

    Currently i’m testing Firefox 31 esr. I had disabled the above mentioned safety-options in firefox. Under FF31 i disabled the adblock-addons and i use only Ghostery and NoScript. Together with the new engine FF starts faster and reacts smoother while surfing or streaming video.

    My two cents for safe browsing:

    Ghostery needs a little modification of settings, because not all known cookies and trackers are blocked by default. Also the Ghostrank-checkbox should be deactivated for privacy reasons and performance (traffic).

    NoScript is able to block most of advertising, so adblock seems obsolete. ABP is known as a RAM-Hog. I didn’t have the time to check all my facourites regarding ad-free behaviour under NoScript.

    In common it makes more sense to check a file with an AVP after downloading.

    Otherwise it would make sense to work with different profiles: a slim one when browsing on well-known sites you can trust and a “Fort-Knox-Hi-Security-Profile” when surfing thru the net on the search for “warez’n’stuff”.

    Kind regards

    p3t3r

  11. Bindee said on September 24, 2014 at 10:58 am
    Reply

    browser.safebrowsing.appRepURL

    This no longer shows in the latest version of firefox , Has it now been disabled by default or has the name changed ?

    Thanks

    1. Martin Brinkmann said on September 24, 2014 at 11:21 am
      Reply

      Still listed in my version of Firefox (latest Nightly).

  12. Bindee said on September 25, 2014 at 12:40 am
    Reply

    Firefox 32.0.2 – standard web update.

    Just checked my two desktops and a laptop all running standard installs of the latest firefox 32.0.2 web version and none show *..appRepURL in about:config ?

    The laptop is windows XP 32bit and the desktops are Win 8 64bit.

    :headscratch:

    1. Bindee said on September 25, 2014 at 7:14 am
      Reply

      I should point out i meant ” browser.safebrowsing.appRepURL ” and not the short version of *..appRepURL in my post incase that gave the impression that is what i was looking for.

      It existed before i upgraded to 32.0.2

      I done a fresh install , i wonder if it would have still shown in the config if i had just installed over the previous version?

  13. Tammo said on September 27, 2014 at 10:23 am
    Reply

    Not just Bindee

    I installed the latest 32.0.3 that came out a couple of days ago and it no longer shows.

    Have they hidden it or renamed it , maybe Martin Brinkmann could look into it ?

    1. Martin Brinkmann said on September 27, 2014 at 10:43 am
      Reply

      I just checked in Firefox Stable and it is not there anymore. It still exists in Firefox Nightly though. Maybe Mozilla removed it from stable versions of the browser?

      1. Bindee said on September 27, 2014 at 10:50 am
        Reply

        Thanks both for confirming it.

        Lets hope it has been removed and not set to be permanently enabled.

  14. Declan said on October 23, 2014 at 12:47 pm
    Reply

    It’s still not there in the latest 33.0 revision. ?

  15. Martin said on August 17, 2015 at 12:42 pm
    Reply

    Danke !!

  16. R2D2 said on December 18, 2016 at 8:29 pm
    Reply

    In FireFox ver 50 there are 2 reporting addresses. Look for these two:
    browser.safebrowsing.provider.google.reportURL
    browser.safebrowsing.provider.google4.reportURL

  17. gogoleis evil@eyesmail.com said on March 1, 2017 at 5:10 am
    Reply

    *.safebrowsing.*URL

    Evil mask Destroy all

    with calming blankkkkkkkkkkkkkkkkkkkkkkkkkkkkkk

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.