Security/Tracking protection: Difference between revisions
< Security
Jump to navigation
Jump to search
(→List: link to the prod/stage list config) |
(document the entity whitelist) |
||
| Line 18: | Line 18: | ||
* <tt>urlclassifier.disallow_completions</tt>: list of tables for which we never call <tt>gethash</tt> | * <tt>urlclassifier.disallow_completions</tt>: list of tables for which we never call <tt>gethash</tt> | ||
* <tt>urlclassifier.trackingTable</tt>: list of tables to use when looking for trackers (they need to be named <tt>*-track-*</tt>) | * <tt>urlclassifier.trackingTable</tt>: list of tables to use when looking for trackers (they need to be named <tt>*-track-*</tt>) | ||
* <tt>urlclassifier.trackingWhitelistTable</tt>: list of tables to use when checking whether or not a tracker is part of the same entity as the page (they need to be named <tt>*-trackwhite-*</tt>) | |||
== Engineering == | == Engineering == | ||
| Line 28: | Line 29: | ||
== List == | == List == | ||
* [https://services.disconnect.me/disconnect-plaintext.json Upstream | * [https://services.disconnect.me/disconnect-plaintext.json Upstream blacklist] ([https://disconnect.me/help#where-can-i-find-disconnects-tracker-protection-list-and-how-is-this-list-created how it's created]) -- used to generate <tt>mozpub-track-digest256</tt> | ||
* [https://github.com/mozilla-services/shavar-list-creation List conversion script] | * [https://s3.amazonaws.com/lists.disconnect.me/entitylist.json Upstream entity list] -- used to generate <tt>mozpub-trackwhite-digest256</tt> (see [https://bugzilla.mozilla.org/show_bug.cgi?id=1141352 bug 1141352]) | ||
* [https://github.com/mozilla-services/shavar-list-creation List conversion script] for all of the tracking protection lists | |||
* [https://github.com/mozilla-services/shavar-list-creation-config Prod/stage list configuration] | * [https://github.com/mozilla-services/shavar-list-creation-config Prod/stage list configuration] | ||
* [https://github.com/mozilla-services/shavar-list-exceptions Allow list] | * [https://github.com/mozilla-services/shavar-list-exceptions Allow list] (deprecated) -- entries to remove from the blacklist | ||
* [https://intranet.mozilla.org/TrackingProtectionForFirefox/ListPolicy List policy] | * [https://intranet.mozilla.org/TrackingProtectionForFirefox/ListPolicy List policy] | ||
* The | * The lists are stored in these files: | ||
** <tt>~/.cache/mozilla/firefox/XXXX/safebrowsing/mozpub-track-digest256.*</tt> on Linux | ** <tt>~/.cache/mozilla/firefox/XXXX/safebrowsing/mozpub-track{,white}-digest256.*</tt> on Linux | ||
** <tt>~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/mozpub-track-digest256.*</tt> on Mac | ** <tt>~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/mozpub-track{,white}-digest256.*</tt> on Mac | ||
== QA == | == QA == | ||
Revision as of 17:20, 20 August 2015
Description
Websites need to be able to deliver and monetize the content they create. Users want more protection from online tracking. Tracking Protection is a new platform-level technology that blocks HTTP loads at the network level. Coupled with a user-declared opt-out, such as Do Not Track, we will explore various paths that can provide users with more safety while allowing websites to reliably deliver ads that meet or exceed consumer's tracking preferences.
This feature is part of the Polaris initiative.
https://intranet.mozilla.org/TrackingProtectionForFirefox
Prefs
- browser.trackingprotection.updateURL: server endpoint for downloading list updates
- browser.trackingprotection.gethashURL: server endpoint for completions
- privacy.trackingprotection.enabled: to enable TP globally
- privacy.trackingprotection.pbmode.enabled: to enable TP in Private Browsing mode (not needed if the global pref is enabled)
- privacy.trackingprotection.ui.enabled: show a checkbox to toggle privacy.trackingprotection.enabled in the Preferences (Nightly only)
- privacy.trackingprotection.introCount
- privacy.trackingprotection.introURL
- urlclassifier.disallow_completions: list of tables for which we never call gethash
- urlclassifier.trackingTable: list of tables to use when looking for trackers (they need to be named *-track-*)
- urlclassifier.trackingWhitelistTable: list of tables to use when checking whether or not a tracker is part of the same entity as the page (they need to be named *-trackwhite-*)
Engineering
List
- Upstream blacklist (how it's created) -- used to generate mozpub-track-digest256
- Upstream entity list -- used to generate mozpub-trackwhite-digest256 (see bug 1141352)
- List conversion script for all of the tracking protection lists
- Prod/stage list configuration
- Allow list (deprecated) -- entries to remove from the blacklist
- List policy
- The lists are stored in these files:
- ~/.cache/mozilla/firefox/XXXX/safebrowsing/mozpub-track{,white}-digest256.* on Linux
- ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/mozpub-track{,white}-digest256.* on Mac
QA
- Test plan for Fx42
- Breakage bugs
- Ideas for a testing strategy
- Test page
- One and Done task
- Script to dump the contents of mozpub-track-digest256* files
To turn on debugging output, export the following environment variable:
NSPR_LOG_MODULES="UrlClassifierDbService:5,nsChannelClassifier:5"
To produce the "digest256" hash that sbdbdump -v will contain for example.com:
echo -n "example.com/" | sha256sum 7fc983ea552f7c8d153fc308d621eb4f52e84aa63ecccf3a735698a11a2a4a8d