Does "Google Safe Browsing" track you while using Tor?

I don't even know what it is. But someone is posting about it in a Tor thread. (What happened to the quote feature? To highlight quotes. It has disappeared.)

These are quotes from the thread:

"WARNING: WARNING: WARNING: Google’s Safe Browsing IS AGAIN not deleted from Firefox!!!! You need to do it manualy! This version has AGAIN a unique ID where Google can track you!! Means, Google is able to track you any time you start using TOR!!! Can't understand whay the developer don't take care about this..."

"Please show us how to manually delete Google's Safe Browsing from Firefox or Iceweasel. Note to Tor developers: Could you please ensure that Google's Safe Browsing is deleted from future versions of TBB?"

"IT IS A SHAME THAT PRIVACY SOFTWARE AS TOR ALLOWS GOOGLE TO TRACK YOU ANY TIME YOU USE TOR: IT SEND YOUR UNIQUE FIREFOX VERSION TO THE GOOGLE SERVER IN THE USA:"

https://blog.torproject.org/blog/tor-browser-354-released

 

I just looked in Whonix, which uses stock Tor-browser Firefox, and both "browser.safebrowsing.enabled" and "browser.safebrowsing.malware.enabled" in about:config are "false".

I'm not sure what they're referring to.

 

I haven't looked at the safebrowsing related code, but I can say that with those preferences disabled a normal FF28 will still create some safebrowsing related files in the profile subdir named safebrowsing. Which could cause some confusion.

Are these present/disabled in Tor-Browser?

services.sync.prefs.sync.browser.safebrowsing.enabled
services.sync.prefs.sync.browser.safebrowsing.malware.enabled

 

They're both present and enabled ("true").

 

Those are just preferences for firefox sync, which it's unlikely you're using. In other words, it doesn't matter what they are set to.

 

Figured it was worth trying to rule out the "unexpected results due to their use of sync" explanation. Also, unlike the core safebrowsing prefs which are #ifdef MOZ_SAFE_BROWSING, those sync related ones are #ifdef MOZ_SERVICES_SYNC. Which I was curious about. So thanks mirimir.

 

Thanks!

 

Thanks buddy.

 

I know that I disable this in the about:config in FF, and delete the URL's is would connect to as well. And yet I STILL get D+ prompts that it's trying to do something... which I block. Yet another good reason to use a HIPS. Even if you disable/turn off certain things, or put your trust in certain software, that's no guarantee that it won't try to do something shady in the future. I like to know everything that's happening on my box and not just assume all is well.