Change the way Adguard checks domain with browsing security web service. #162
We now send the domain and IP to the backend server to check them against our phishing/malware database. This is wrong and may look suspicious to users, since the domain name is sent in plain text.
Instead we should use a one-way hash to do the check (like SHA256). Thus the user will be sure that we don't see the real domain names and thus we can't use that data in any way.
Checking example.domain.com against browsing security web service
Extract most significant parts of that host (in fact just extract subdomains and concatenate for '/') AND ip address.
Calculate SHA256 hashes for both domains:
Get prefixes (substring length=8)
Send these prefixes to the backend server (separate with "/")
The response will contain a list of all hashes found, the list name and a chunk id.
If nothing is found, the server will return an empty response, 204 No Content.
Check if any of returned full hashes match any of your hashes.
Real life example
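The lookup flow from the steps above, as an added sketch that is not part of the original issue or Adguard's code. Assumptions: the prefix is 8 hex characters of the digest, the host is reduced by dropping leading labels, the chunk id is omitted, and `fake_backend`, `BLOCKLIST` and all sample values are constructed stand-ins for the real service.

```python
import hashlib

PREFIX_LEN = 8  # assumption: 8 hex characters of the SHA-256 digest

def sha256_hex(value):
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def host_candidates(host):
    """example.domain.com -> [example.domain.com, domain.com] (assumed rule)."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]

def build_request(host, ip):
    """Return the '/'-separated prefixes to send and the full hashes kept locally."""
    full = {sha256_hex(v): v for v in host_candidates(host) + [ip]}
    prefixes = sorted({h[:PREFIX_LEN] for h in full})
    return "/".join(prefixes), full

# Constructed server-side data: one real entry, plus a decoy that shares the
# 8-character prefix of example.domain.com but has a different full hash.
BLOCKLIST = {
    sha256_hex("domain.com"): "phishing",
    sha256_hex("example.domain.com")[:PREFIX_LEN] + "0" * 56: "malware",
}

def fake_backend(prefix_string, blocklist=BLOCKLIST):
    """Stand-in for the web service. It sees prefixes only and answers with
    every full hash that starts with one of them; None models 204 No Content."""
    wanted = set(prefix_string.split("/"))
    hits = [(h, name) for h, name in blocklist.items() if h[:PREFIX_LEN] in wanted]
    return hits or None

def check(host, ip):
    """Client side: send prefixes, then compare returned full hashes locally."""
    prefix_string, full = build_request(host, ip)
    response = fake_backend(prefix_string)
    if response is None:
        return []
    # A prefix hit is not a verdict: only an exact full-hash match counts.
    return [(full[h], name) for h, name in response if h in full]

if __name__ == "__main__":
    print(build_request("example.domain.com", "203.0.113.7")[0])
    print(check("example.domain.com", "203.0.113.7"))
```

The decoy entry is returned by the backend because its prefix matches, and is discarded by the client because its full hash does not.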