Thanks for the link, that explains it much better than the snippet in the post I replied to.

It seems like it actually is way more private than I thought. FF downloads the database of flagged sites from Google and stores it locally (only partial hashes of URLs though). Only when a match is detected in the local database, FF sends the full hash of the URL to Google to double check, since the local database only has partial hashes to save space (so false positives are likely). It also apparently sends extra noise as part of the payload, so that the request isn't obviously tied to a single URL (in case Google is able to reverse the hash to track your browsing habits, or something like that)

That sounds pretty private to me. A side-by-side comparison of this implementation to the one in Chromium would be interesting. I wonder if browsers like Vivaldi go the extra mile like FF does?

(not: that post is over 5 years old, so it's possible that the implementation may have changed since then)

> Only when a match is detected in the local database, FF sends the full hash of the URL to Google to double check

Even that's not quite what it says, as I understand things. When a partial-hash match is detected, FF asks Google for the list of full hashes that start with this partial hash, and then checks (still locally) against those. So as far as I can see, Google still wouldn't know which of those full hashes corresponds to the URL you're requesting.

(I have not examined the implementation personally, I'm just basing this off the post mentioned. But FF is open source, so if someone would like to check whether this is accurate, that'd be great.)