Mozilla safe browsing does NOT phone home with sites you're visiting.

Quote:

> Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update.

Source: https://support.mozilla.org/en-US/kb/how-does-phishing-and-m...

Pretty sure it's still actually sending a hash, not a URL

The entity I'm primarily worried about tracking here is Google.

And, pretty much trivially, if the URL was added to the blacklist, they have the corresponding URL to the hash.

(Not to mention, even if they didn't, their core product is based around crawling webpages. I'd be highly surprised if they didn't have hashes of the URLs they visited.)

And, even beside that, URLs are relatively low-entropy. Especially with the path-splitting that safe-browsing does.

I think your fears are unfounded, but it's easy enough to turn off.

Firefox Nightly also has a tracking protection in about:config => privacy.trackingprotection.enabled its off by default

seems to also block some adverts when on. (probably because those adverts are also trackers)

Wait. People are upset about how unintuitive Apple's preferences are, but Firefox having config hidden away in the advanced about:config is OK?

Nope. Firefox hide away stuff in about:config for testing purposes generally and expose the setting in the user interface after its been tested enough.

Sounds logical enough to me.