
Most modern browsers (Safari, Chrome, Firefox etc.) have Google Safe Browsing built in, so that if users visit a known-harmful site, they get a prominent warning that gets their attention and tries to stop them entering their password, credit card, etc.

For example (https://testsafebrowsing.appspot.com/s/malware.html)
Safari:

Firefox:

From a privacy perspective, clearly there is a trade-off here. You can use it in a relatively private mode (https://developers.google.com/safe-browsing/v4/update-api). The terms don't (at a quick glance) seem to prohibit redistribution of this data, although you are required to use up-to-date data (i.e. no older than 30 mins) if showing warnings.

I just noticed this wasn't present, and it might be something that would keep less tech-savvy users safe. I would probably not be inclined to recommend a browser to a non-technical user that didn't have something like this built in. Although given Orion's approach to not triggering outbound connections to other services, clearly it's understandable to make a trade-off here 🙂

  • Vlad replied to this.
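The "relatively private mode" linked in the post above is the Update API: the browser keeps a local list of SHA-256 hash prefixes and contacts the server only when a visited URL matches one locally. A sketch of that local check, added here as an illustration (not code from the thread, Orion, or Google); canonicalization is simplified, and the prefix set and URLs are constructed samples.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; the Update API serves SHA-256 prefixes of 4 to 32 bytes


def expressions(url):
    """Host-suffix/path-prefix expressions to look up for one URL.

    Simplified: full canonicalization (percent-decoding, dot segments,
    punycode) from the Safe Browsing documentation is not reproduced here.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").strip(".")
    path = parts.path or "/"
    try:
        ipaddress.ip_address(host)
        hosts = [host]  # IP literals get no suffix expansion
    except ValueError:
        labels = host.split(".")
        start = max(0, len(labels) - 5)
        # Exact host, then suffixes of the last five labels, never the bare TLD.
        hosts = [host] + [".".join(labels[i:]) for i in range(start, len(labels) - 1)]
    dirs = ["/"]
    for seg in [s for s in path.split("/") if s][:-1][:3]:
        dirs.append(dirs[-1] + seg + "/")
    paths = [path + "?" + parts.query if parts.query else path, path] + dirs
    combos = [h + p for h in hosts for p in paths]
    return list(dict.fromkeys(combos))  # de-duplicate, keep order


def prefix(expression):
    return hashlib.sha256(expression.encode()).digest()[:PREFIX_LEN]


def local_hits(url, local_prefixes):
    """Prefixes that matched locally; only these go to the server for confirmation."""
    return [prefix(e) for e in expressions(url) if prefix(e) in local_prefixes]


# Constructed sample data: a local list holding one bad expression's prefix.
LOCAL_PREFIXES = {prefix("malware.example/payload/")}
BAD_URL = "http://cdn.malware.example/payload/setup.exe?id=1"
CLEAN_URL = "https://docs.example.org/guide/index.html"

if __name__ == "__main__":
    print(len(local_hits(BAD_URL, LOCAL_PREFIXES)), "prefix sent for", BAD_URL)
    print(len(local_hits(CLEAN_URL, LOCAL_PREFIXES)), "prefixes sent for", CLEAN_URL)
```

A URL with no local match produces no lookup traffic at all; a local match sends only the 4-byte prefix for full-hash confirmation, not the URL.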

    gp

    This is a great idea. There are a few problems with using Google Safe Browsing for execution.

    1. Google Safe Browsing is owned by Google, so Google gets to define what 'safe browsing' means.

    2. Google Safe Browsing is not a high quality source.

    For example https://51.fi is a known phishing site (referenced in https://phishing.army/download/phishing_army_blocklist_extended.txt) and does not trigger a warning in Chrome.

    3. If we were to use GSB that would have impact on performance (as you have to query the API, through a proxy presumably).

    How would a user end up there anyway? Most likely through a search engine. Which is why we implement all reputable scam/phishing lists into Kagi Search already.

    For example:

    In the future we will implement the measure into Orion, and it will be using crowd-sourced data, like we do in Kagi Search.

    • gp likes this.

    This sounds a good idea, and agreed that existing "safety nets" are quite lacking... Also proxying the API would be non-trivial at scale, unless you wanted to build out infrastructure to do that quickly (i.e. some kind of cache-or-fetch-and-cache)

    Realistically most users will get to a bad site either via a search engine (more likely... an ad on a search engine, which Orion + Kagi will avoid), or clicking a link in email. That is handled by most webmail services now (and even some non-web mail) by their protection systems that rewrite links (yuck... but it works for non expert users I guess).

    For a real targeted attack you will use a new URL that isn't on a blacklist, so I guess these measures have reducing value in an era of free SSLs and cheap domains!

    2 years later

    I think that if someone wanted something along these lines, they could get something similar-ish with a DNS-based blocking system, such as nextDNS, controlD, etc

    though some "adblocker" extensions, eg uBO, also can block these websites, if you set them up to do so

      2 months later

      Steps to reproduce:

      secure http(replace with <https>)://sv.kuvio.cfd/AwETGAx_Pw9CEdkIpVGEkRveeAusJQ6cPxDCX6_pY6DgcYS5_8pNr-ux_8VM2Qscz_ELQYmQj8xx_k3yhjoRTtj1x2_e5E-Bcoiz16wXkTVErQ==?ci=5858952518452624914&n3er=yZSq5A==&fn=Microsoft%20Powerpoint%202019%20VL%2016.46&sd=759782&uu=lIaJhrzOpHZ7iXp6d32Oenx9iHk=!<

      Expected behavior:
      I shouldn't be able to visit this webpage. It could have some mysterious zero-day and the whole system is infected.

      Orion, OS version; hardware type:
      Orion 0.99.125.3-rc

      Image/Video:

      • Vlad replied to this.

        btw it's a good idea to replace https with smth like hxxps to prevent it from turning into a hyperlink

          Orion is a web browser and is supposed to allow you to visit any site possible.

          Even Google’s safe browsing does not block all malicious links. There’s no way to block a threat that isn’t yet known to exist. Unless one could see the future, it’s impossible to proactively block all malicious websites. This is not a problem that Orion can do anything about.

          Instead what you should do is upvote the post for custom blocklists.

            Vlad changed the title to Block Malicious sites.
              Merged 5 posts from Block Malicious sites.

                Vlad Are there any open source networks which have a database of blocked sites? Custom blocklist?

                • eirk replied to this.

                  Fortrikka yes.. there are plenty. basically any filter list used by any adblocker.
                  including steven black, oisd, easylist, notracking, adguard lists, etc

                    eirk Would it be possible for Orion to implement such a network without incurring privacy loss, i.e. google safe browsing sending all dns information constantly to google's servers?

                      Fortrikka It would, but there is no standard for what is a malware site, which makes this difficult, biased and opinionated to implement.

                        eirk What are the best custom blocklists?
                        And would they block sites such as these novel ones which may have a hidden zero day?

                          eirk marked this discussion as a potential duplicate of
                          . A moderator will investigate shortly.