Security/Tracking protection: Difference between revisions
< Security
Jump to navigation
Jump to search
(document the entity whitelist) |
(→List: link to our new source repo for the lists, reorganize this whole section) |
||
| Line 27: | Line 27: | ||
* [https://people.mozilla.org/~fmarier/tracking-dashboard/ Telemetry dashboard] | * [https://people.mozilla.org/~fmarier/tracking-dashboard/ Telemetry dashboard] | ||
== | == Lists == | ||
* [https://services.disconnect.me/disconnect-plaintext.json Upstream | * Blacklist (<tt>mozpub-track-digest256</tt>) | ||
* [https://s3.amazonaws.com/lists.disconnect.me/entitylist.json Upstream | ** [https://services.disconnect.me/disconnect-plaintext.json Upstream source] ([https://disconnect.me/help#where-can-i-find-disconnects-tracker-protection-list-and-how-is-this-list-created how it's created]) | ||
* [https://github.com/mozilla-services/shavar-list-creation | ** [https://github.com/mozilla-services/shavar-prod-lists/blob/master/disconnect-blacklist.json Our copy] (i.e. what we ship to clients in binary form) | ||
* [https://github.com/mozilla-services/shavar-list-creation-config Prod/stage list configuration] | * Entity whitelist (<tt>mozpub-trackwhite-digest256</tt>) | ||
* [https://github.com/mozilla-services/shavar-list-exceptions Allow list] (deprecated) -- entries to remove from the blacklist | ** [https://s3.amazonaws.com/lists.disconnect.me/entitylist.json Upstream source] | ||
* [https://intranet.mozilla.org/TrackingProtectionForFirefox/ListPolicy List policy] | ** [https://github.com/mozilla-services/shavar-prod-lists/blob/master/disconnect-entitylist.json Our copy] (i.e. what we ship to clients in binary form) | ||
** Implemented in [https://bugzilla.mozilla.org/show_bug.cgi?id=1141352 bug 1141352] | |||
* List creation script | |||
** [https://github.com/mozilla-services/shavar-list-creation The script] which generates all of the tracking protection lists in binary format. | |||
** [https://github.com/mozilla-services/shavar-list-creation-config Prod/stage list configuration] for the script | |||
** [https://github.com/mozilla-services/shavar-list-exceptions Allow list] (deprecated) -- entries to remove from the upstream blacklist when generating it | |||
* [https://intranet.mozilla.org/TrackingProtectionForFirefox/ListPolicy List policy] (internal only) | |||
* The lists are stored in these files: | * The lists are stored in these files: | ||
** <tt>~/.cache/mozilla/firefox/XXXX/safebrowsing/mozpub-track{,white}-digest256.*</tt> on Linux | ** <tt>~/.cache/mozilla/firefox/XXXX/safebrowsing/mozpub-track{,white}-digest256.*</tt> on Linux | ||
Revision as of 21:43, 2 September 2015
Description
Websites need to be able to deliver and monetize the content they create. Users want more protection from online tracking. Tracking Protection is a new platform-level technology that blocks HTTP loads at the network level. Coupled with a user-declared opt-out, such as Do Not Track, we will explore various paths that can provide users with more safety while allowing websites to reliably deliver ads that meet or exceed consumer's tracking preferences.
This feature is part of the Polaris initiative.
https://intranet.mozilla.org/TrackingProtectionForFirefox
Prefs
- browser.trackingprotection.updateURL: server endpoint for downloading list updates
- browser.trackingprotection.gethashURL: server endpoint for completions
- privacy.trackingprotection.enabled: to enable TP globally
- privacy.trackingprotection.pbmode.enabled: to enable TP in Private Browsing mode (not needed if the global pref is enabled)
- privacy.trackingprotection.ui.enabled: show a checkbox to toggle privacy.trackingprotection.enabled in the Preferences (Nightly only)
- privacy.trackingprotection.introCount
- privacy.trackingprotection.introURL
- urlclassifier.disallow_completions: list of tables for which we never call gethash
- urlclassifier.trackingTable: list of tables to use when looking for trackers (they need to be named *-track-*)
- urlclassifier.trackingWhitelistTable: list of tables to use when checking whether or not a tracker is part of the same entity as the page (they need to be named *-trackwhite-*)
Engineering
Lists
- Blacklist (mozpub-track-digest256)
- Upstream source (how it's created)
- Our copy (i.e. what we ship to clients in binary form)
- Entity whitelist (mozpub-trackwhite-digest256)
- Upstream source
- Our copy (i.e. what we ship to clients in binary form)
- Implemented in bug 1141352
- List creation script
- The script which generates all of the tracking protection lists in binary format.
- Prod/stage list configuration for the script
- Allow list (deprecated) -- entries to remove from the upstream blacklist when generating it
- List policy (internal only)
- The lists are stored in these files:
- ~/.cache/mozilla/firefox/XXXX/safebrowsing/mozpub-track{,white}-digest256.* on Linux
- ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/mozpub-track{,white}-digest256.* on Mac
QA
- Test plan for Fx42
- Breakage bugs
- Ideas for a testing strategy
- Test page
- One and Done task
- Script to dump the contents of mozpub-track-digest256* files
To turn on debugging output, export the following environment variable:
NSPR_LOG_MODULES="UrlClassifierDbService:5,nsChannelClassifier:5"
To produce the "digest256" hash that sbdbdump -v will contain for example.com:
echo -n "example.com/" | sha256sum 7fc983ea552f7c8d153fc308d621eb4f52e84aa63ecccf3a735698a11a2a4a8d