Change the way Adguard checks domain with browsing security web service. #162
We now send domain and ip to the backend server to check it against our phishing/malware database. This is wrong and may look suspicious to users that domain name is sent in plain text.
Instead we should use a one-way hash to do the check (like SHA256). Thus user will be sure that we don't see the real domain names and thus we can't use that data in any way.
Checking example.domain.com against browsing security web service
Extract most significant parts of that host (in fact just extract subdomains and concatenate for '/') AND ip address.
Calculate SHA256 hashes for both domains:
Get prefixes (substring length=8)
Send these prefixes to the backend server (separate with "/")
Response will contain list of all hashes found, list name and a chunk id
If nothing found server will return empty response 204 No Content.
Check if any of returned full hashes match any of your hashes.
Real life example
The text was updated successfully, but these errors were encountered: