developers.google.com/safe-browsing/ is good documentation on how the Safe Browsing API used by browsers (Chromium, Firefox, Safari, etc.) works. It searches a database based on a truncated hash (4 bytes) of a canonicalized URL. It leaks some information, but doesn't send URLs directly.
Conversation
Replying to
This webpage seems to show that the truncated URL is the most significant 4 to 32 bytes of a SHA256 hash. 32 bytes means the entire hash. 🙄
The page gives 2 examples for 4 an 6 bytes.
The ball seems to be in the browsers camp. Less bytes = more privacy = larger list in return.
1
Replying to
I think 4 bytes is what gets used in practice by most browsers, but I'm not familiar with all of them.