Security/Safe Browsing: Difference between revisions
< Security
Jump to navigation
Jump to search
m (Reverted edit of 1144268194, changed back to last version by Ben) |
No edit summary |
||
| Line 1: | Line 1: | ||
= Safe Browsing = | |||
[http:// | [http://www.google.com/tools/firefox/safebrowsing/ Google Safe Browsing] is an anti-phishing extension released by Google on [http://labs.google.com/ labs.google.com] in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired. | ||
[http:// | |||
We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is enabled or even shipped is still a matter for discussion, as is the final form the extension might take, its UI, the way users opt-in, and the like. | |||
You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292 | |||
== How to Enable == | |||
* Add the following to your mozconfig file: | |||
<pre> | |||
ac_add_options --enable-extensions=default,safe-browsing | |||
</pre> | |||
* Set the preference "extensions.safebrowsing.enabled" to true | |||
* If you wish to see debugging output, open <code>safe-browsing/src/loader.js</code> and set <code>G_GDEBUG</code> to true (and <code>G_GDEBUG_LOADER</code> as well if you'd like) | |||
* Look under the <code>Tools</code> menu, and play with the SafeBrowsing option | |||
== Design Doc == | |||
[[Safe Browsing: Design Documentation]] | |||
== Server Spec == | |||
[[Safe Browsing: Server Spec]] | |||
== Source Code == | |||
http://lxr.mozilla.org/seamonkey/source/extensions/safe-browsing | |||
== Major Open Issues == | |||
* How (if at all) does the extension get enabled? What language to use to inform users of the privacy implications? How do they opt? | |||
* Content: is the branding OK? Is the language? Do we want to tweak the warning? | |||
* UI: Where's the most appropriate place for (1) the preferences (2) the test page and (3) the report-a-phishing-link functionality? | |||
* Ability to switch to other providers (need UI for it, need a bit of refactoring, etc.) | |||
* Can we make agreements with service providers (e.g., Google) that will increase the privacy guarantees for data collected? Can we provide service ourself (see [[Reporter: Safe Browsing Integration Discussion]])? | |||
* Break into separate service and UI pieces? | |||
'''TODO: expand, file bugs''' | |||
== Important Bugs == | |||
* Localization (e.g., do we turn it on in all locales? does the warning reder right with RTL languages? etc): https://bugzilla.mozilla.org/show_bug.cgi?id=329724 | |||
* Make file I/O in non-enhanced mode better: https://bugzilla.mozilla.org/show_bug.cgi?id=329723 | |||
* Play nicely with other people who change the status bar: https://bugzilla.mozilla.org/show_bug.cgi?id=329722 | |||
* Fixed position XUL is apparently not officially supported... is there an alternative? https://bugzilla.mozilla.org/show_bug.cgi?id=329725 | |||
== Other Bugs or Potential Improvements == | |||
Are filed as bugs under [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&product=Firefox&component=Safe+Browsing&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&emailassigned_to1=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0= Firefox / Safe Browsing] | |||
== Contacts == | |||
All the following are at g o o g l e d <span></span>o t c o m | |||
primary: niels, tc, fritz | |||
secondary: sullivan, brakowski (product manager) | |||
Revision as of 16:17, 8 June 2006
Safe Browsing
Google Safe Browsing is an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired.
We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is enabled or even shipped is still a matter for discussion, as is the final form the extension might take, its UI, the way users opt-in, and the like.
You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292
How to Enable
- Add the following to your mozconfig file:
ac_add_options --enable-extensions=default,safe-browsing
- Set the preference "extensions.safebrowsing.enabled" to true
- If you wish to see debugging output, open
safe-browsing/src/loader.jsand setG_GDEBUGto true (andG_GDEBUG_LOADERas well if you'd like) - Look under the
Toolsmenu, and play with the SafeBrowsing option
Design Doc
Safe Browsing: Design Documentation
Server Spec
Source Code
http://lxr.mozilla.org/seamonkey/source/extensions/safe-browsing
Major Open Issues
- How (if at all) does the extension get enabled? What language to use to inform users of the privacy implications? How do they opt?
- Content: is the branding OK? Is the language? Do we want to tweak the warning?
- UI: Where's the most appropriate place for (1) the preferences (2) the test page and (3) the report-a-phishing-link functionality?
- Ability to switch to other providers (need UI for it, need a bit of refactoring, etc.)
- Can we make agreements with service providers (e.g., Google) that will increase the privacy guarantees for data collected? Can we provide service ourself (see Reporter: Safe Browsing Integration Discussion)?
- Break into separate service and UI pieces?
TODO: expand, file bugs
Important Bugs
- Localization (e.g., do we turn it on in all locales? does the warning reder right with RTL languages? etc): https://bugzilla.mozilla.org/show_bug.cgi?id=329724
- Make file I/O in non-enhanced mode better: https://bugzilla.mozilla.org/show_bug.cgi?id=329723
- Play nicely with other people who change the status bar: https://bugzilla.mozilla.org/show_bug.cgi?id=329722
- Fixed position XUL is apparently not officially supported... is there an alternative? https://bugzilla.mozilla.org/show_bug.cgi?id=329725
Other Bugs or Potential Improvements
Are filed as bugs under Firefox / Safe Browsing
Contacts
All the following are at g o o g l e d o t c o m
primary: niels, tc, fritz
secondary: sullivan, brakowski (product manager)