Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.
Endigest AI Core Summary
This post explains the cryptographic infrastructure behind Advanced Browsing Protection (ABP) in Messenger, which detects malicious links without exposing user query data to the server. -
•ABP is based on Private Information Retrieval (PIR), using an oblivious pseudorandom function (OPRF) and database sharding to minimize information leaked to the server during link lookups.
•URL matching requires prefix queries rather than exact matches, so the system groups blocklist entries by domain into buckets and checks all path prefix components within a single bucket retrieval.
•To prevent unbalanced buckets caused by domains with many entries (e.g., link shorteners), the server pre-computes a ruleset that instructs clients how many path segments to include when hashing a URL for bucket assignment.
•Client requests are padded to a fixed number of path segments and bucket contents are padded to uniform size, preventing the server from inferring URL structure from request or response length.
This summary was automatically generated by AI based on the original article and may not be fully accurate.
Meta
The Hacker News