Now Apple shares your browsing history with Google. Apple's recent response to this issue is they don't share the actual URL, weasel words. Apple shares a hashed value of the URL. So Apple is technically correct in saying they don't share the actual URL.
Sending the hashed values of suspicious URLs to Google is in no way "sharing your browsing history" with the company. Do you understand that there's no way for Google to take that hash and derive the URL from it? It's a one-way transformation. But there's no reason to even worry about that because Apple does not send the hashed value of the URL to Google.
You are significantly misrepresenting how this works technically. Is it that you don't understand, or are you lying, or do you just not care if you are correct or not?
Edit to clarify:
Here's how it works:
- Your device periodically downloads a list of unsafe URL hash prefixes from Google (or Tencent if you are in China). At this step, Google can see your IP address and can infer that there is a web browser at that IP address. Google can't tell if that web browser is being used, though. Just that it's running.
- Your device is ready to load a URL.
- Your device calculates the SHA256 hash of the URL it wants to load.
- Your device trims that hash to just the hash prefix.
- Your device checks that hash prefix against the local database of hash prefixes.
- If there is no match, the URL is loaded and we're done.
- If there is a match with the database of suspicious hash prefixes, your device requests a list of all the full SHA256 hashes of suspicious URLs which match that prefix. Google can see your IP at this step and knows that you have attempted to load some URL which has the same hash prefix as a known suspicious URL. There's no way for Google to know what URL you are loading or even if that URL is one of their published suspicious URLs.
- Your device looks to see if the full hash of the URL it wants to load is one of the full hashes it just received.
- If the full hash is not on the detailed list, the URL is loaded and we're done.
- If the full hash is on the detailed list, the browser throws a warning and declines to load the URL unless you (the user) override it.
You'll notice that at no point has the full hash of the URL you are loading been sent to Google. Even if it had been sent Google would have no way to know what URL you were trying to load (unless it was a match with one of their suspicious URLs), but since the full hash is never sent to Google they can't even do that.
The only weasel words I see are you claiming that Apple "shares your browsing history with Google." That's a flat-out false accusation. No interpretation of the safe browsing API can be summarized in this way.
This is all documented here, btw. It's not a secret how all this works.
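The lookup flow listed in the comment above, as an added example that is not part of the original post or of any vendor's code: it runs the client-side check against an in-process stand-in for the list provider and records exactly what the client transmits. Assumptions: a 4-byte prefix length, no URL canonicalization, and the hypothetical names `MockListServer`, `Client` and `run_demo`; the `example` URLs and the colliding list entry are constructed.

```python
import hashlib

PREFIX_LEN = 4  # assumption: 4-byte hash prefixes; the post gives no length

def full_hash(url: str) -> bytes:
    # Simplification: hashes the URL string as-is, with no canonicalization.
    return hashlib.sha256(url.encode("utf-8")).digest()

class MockListServer:
    """Hypothetical in-process stand-in for the list provider."""
    def __init__(self, unsafe_full_hashes):
        self._full = set(unsafe_full_hashes)
        self.seen = []  # every payload a client sent in a lookup request

    def prefix_list(self):
        return {h[:PREFIX_LEN] for h in self._full}

    def full_hashes_for(self, prefix: bytes):
        self.seen.append(prefix)
        return {h for h in self._full if h.startswith(prefix)}

class Client:
    def __init__(self, server):
        self.server = server
        self.local_prefixes = server.prefix_list()  # the periodic download

    def check(self, url: str) -> str:
        h = full_hash(url)
        prefix = h[:PREFIX_LEN]
        if prefix not in self.local_prefixes:
            return "load"  # no match locally: nothing is sent to the server
        # Prefix matched: ask for the full hashes under that prefix only.
        return "warn" if h in self.server.full_hashes_for(prefix) else "load"

# Constructed sample data (example.* hosts are placeholders).
LISTED = "http://malware.example/payload"
COLLIDER = "http://benign.example/"      # shares a prefix with a listed hash
UNLISTED = "http://unlisted.example/"
# Constructed list entry with COLLIDER's prefix but a different full hash.
FAKE_ENTRY = full_hash(COLLIDER)[:PREFIX_LEN] + bytes(32 - PREFIX_LEN)

def run_demo():
    server = MockListServer([full_hash(LISTED), FAKE_ENTRY])
    client = Client(server)
    verdicts = {u: client.check(u) for u in (UNLISTED, COLLIDER, LISTED)}
    return verdicts, server.seen

if __name__ == "__main__":
    verdicts, seen = run_demo()
    print(verdicts)
    print([p.hex() for p in seen])
```

The server's `seen` log ends up holding two prefixes and nothing else: the unlisted URL produced no request, and the prefix-colliding URL is indistinguishable on the wire from the listed one.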