"separate cookie"? Just correlate it by IP address (or whatever) + time. While I'm not a database expert, I'm sure I could make something like this work:
SELECT users.id AS google_user_id
sb_hits.ip_addr AS safebrowsing_update_ip_addr
sb_hits.request_time AS safebrowsing_update_time
FROM all_page_hits AS user_hits,
all_page_hits AS sb_hits,
normal_google_accounts AS users,
safebrowsing_pseudo_accounts AS sb_users
WHERE users.cookie = user_hits.cookie
AND sb_users.cookie = sb_hits.cookie
AND user_hits.ip_addr = sb_hits.ip_addr
AND (sb_hits.request_time BETWEEN (user_hits.request_time - interval '1 hour')
AND (user_hits.request_time + interval '1 hour'))
Any cookie at all betrays information (that's what it's for!), and once any sort of correlation is established, that "separate cookie" can be permanently tied to the real account(s).
The IP betrays information as well, but that's not a reason to make it even easier with a cookie.
"Random user x often uses their browser between 9am and 5pm on M-F"
That's exactly the important information that should be protected, to resist pattern-of-life analysis.
(apologies for any SQL errors; it's been a while since I did any serious db work)
I don't understand the skeptical scare quotes around "separate cookie". If you read the linked bugs, you would see that when SafeBrowsing was originally added to Firefox, it used the same cookie jar, which meant that SafeBrowsing requests included a cookie for safebrowsing.google.com (necessary for it to function) but also all cookies for *.google.com, which is clearly undesireable from a privacy perspective and has since been fixed.
If pattern-of-life analysis is a concern of yours, you should be using the Tor Browser and taking a whole host of other precautions. Fiddling with a bunch of prefs in about:config and using an ad blocker isn't going to cut it.
And again, it's not a zero-sum game. Safe Browsing provides some meaningful benefit of terms of protecting users from malicious websites, which on balance is probably worth the compromise to their privacy (which is comparatively minor and was minimized through careful and intentional engineering).
I agree that it's worthwhile to try to stop the trend towards increasing surveillance of Internet users using whatever techniques are available, but it's really at the core of the Internet's business model and some fundamental changes are necessary.
The IP betrays information as well, but that's not a reason to make it even easier with a cookie.
"Random user x often uses their browser between 9am and 5pm on M-F"
That's exactly the important information that should be protected, to resist pattern-of-life analysis.
(apologies for any SQL errors; it's been a while since I did any serious db work)