lauren@vortex.com
Date: Sat, 16 Mar 2024 13:13:37 -0700
It's up to you, but for now I recommend DISABLING Google's new Chrome
"real-time, privacy-preserving URL protection".
I'm getting a lot of questions about this, and I simply don't have time right now to write this up in depth. So this will have to be short (at least by my standards).
Google is implementing by default in Chrome a new system to expand their detection of unsafe sites, via a complicated new real-time system that sends hashes of URLs to a third-party, non-Google firm.
The details are in:
https://security.googleblog.com/2024/03/blog-post.html
Google's goal is laudable, but though it would probably be unfair of me to call this system "Rube Goldberg-ish", it is definitely very far from trivial.
I am in particular concerned about the ramifications of Chrome users being connected by default to a completely non-Google entity to which they are sending data, no matter how obfuscated that data may be.
While Google seems to be asserting that by creating a three-party system (user, Google, outside firm) privacy is enhanced -- and this would appear to be true in theory -- the possibilities for interference by government or other entities seems increased with each new player in the process. Also, users are now dealing with an additional set of policies (and legal departments), that of Google and that of the third party. Nor (as far as I know) has the contractual basis of the relationship between Google and this third party been made public.
There may be nothing at all wrong with this arrangement. But frankly, the introduction of a third party and other aspects of this system have raised a caution warning for me, especially when this is enabled by default.
So my recommendation for now is to turn off this feature, until significantly more is known about it in the respects I've mentioned above and others. This is completely up to you of course. You may wish to keep the Google default that uses this system and have the additional protection, and may not be at all concerned about the other issues I've mentioned. Absolutely your choice.
I do invite Google to contact me with more information about these issues if they wish to do so. -L