Security/Tracking protection: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(→‎Documentation: link to MDN page)
(→‎QA: add extra test pages)
Line 58: Line 58:
== QA ==
== QA ==


* [https://itisatrap.org/firefox/its-a-tracker.html Test page]
* Test pages
** [https://itisatrap.org/firefox/its-a-tracker.html Blacklist and whitelist using hardcoded values] '''(start here)'''
** [https://people.mozilla.org/~fmarier/tracking-test/ Standard blacklist] (`mozstd-track-digest256` and `mozpub-track-digest256`)
** [https://people.mozilla.org/~fmarier/tracking-test/full.html Strict blacklist] (`mozfull-track-digest256`)
* [[QA/Polaris/Tracking protection|Test plan for Fx42]]
* [[QA/Polaris/Tracking protection|Test plan for Fx42]]
* [[Services/TrackingProtection/Shavar_Server_-_Testing|Shavar test plan]] (includes end-to-end tests)
* [[Services/TrackingProtection/Shavar_Server_-_Testing|Shavar test plan]] (includes end-to-end tests)

Revision as of 22:18, 19 October 2015

Description

Tracking Protection is a new platform-level technology that blocks HTTP loads at the network level. It is based on the Safe Browsing technology that powers our phishing and malware protection.

This feature is part of the Polaris initiative.

Prefs

  • privacy.trackingprotection.enabled: to enable TP globally
  • privacy.trackingprotection.pbmode.enabled: to enable TP in Private Browsing mode (not needed if the global pref is enabled)
  • privacy.trackingprotection.ui.enabled: show a checkbox to toggle privacy.trackingprotection.enabled in the Preferences (Nightly only)
  • privacy.trackingprotection.introCount
  • privacy.trackingprotection.introURL: URL that kicks off the UI tour (target of the "See how this works" button in about:privatebrowsing)
  • urlclassifier.disallow_completions: list of tables for which we never call gethash
  • urlclassifier.trackingTable: list of tables to use when looking for trackers (they need to be named *-track-*)
  • urlclassifier.trackingWhitelistTable: list of tables to use when checking whether or not a tracker is part of the same entity as the page (they need to be named *-trackwhite-*)

Firefox 42 and earlier:

  • browser.trackingprotection.updateURL: server endpoint for downloading list updates
  • browser.trackingprotection.gethashURL: server endpoint for completions

Firefox 43 and later:

  • browser.safebrowsing.provider.mozilla.lists: list of tables coming from the Mozilla shavar service
  • browser.safebrowsing.provider.mozilla.updateURL: server endpoint for downloading list updates
  • browser.safebrowsing.provider.mozilla.gethashURL: server endpoint for completions

Engineering

Lists

  • Blacklist (mozstd-track-digest256)
  • Entity whitelist (mozstd-trackwhite-digest256)
  • Legacy blacklist (mozpub-track-digest256) -- Firefox 41 and earlier
  • List creation script
  • The lists are stored in these files:
    • ~/.cache/mozilla/firefox/XXXX/safebrowsing/mozstd-track* on Linux
    • ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/mozstd-track* on Mac
    • C:\Users\XXXX\AppData\Local\mozilla\firefox\profiles\XXXX\safebrowsing\mozstd-track* on Windows

QA

To turn on debugging output, export the following environment variable:

NSPR_LOG_MODULES="UrlClassifierDbService:5,nsChannelClassifier:5"

To produce the "digest256" hash that sbdbdump -v will contain for example.com:

echo -n "example.com/" | sha256sum 
7fc983ea552f7c8d153fc308d621eb4f52e84aa63ecccf3a735698a11a2a4a8d

Documentation