Security/Tracking protection: Difference between revisions
(→Prefs: describe privacy.trackingprotection.introURL) |
(→Lists: mention the legacy list) |
Line 44: | Line 44: | ||
** [https://github.com/mozilla-services/shavar-prod-lists/blob/master/disconnect-entitylist.json Our copy] (i.e. what we ship to clients in binary form) | ** [https://github.com/mozilla-services/shavar-prod-lists/blob/master/disconnect-entitylist.json Our copy] (i.e. what we ship to clients in binary form) | ||
** Implemented in [https://bugzilla.mozilla.org/show_bug.cgi?id=1141352 bug 1141352] | ** Implemented in [https://bugzilla.mozilla.org/show_bug.cgi?id=1141352 bug 1141352] | ||
* Legacy blacklist (<tt>mozpub-track-digest256</tt>) -- Firefox 41 and earlier | |||
** [https://services.disconnect.me/disconnect-plaintext.json Upstream source] | |||
** [https://github.com/mozilla-services/shavar-list-exceptions/blob/master/allow_list Exceptions] (entries we remove from the upstream list) | |||
** [https://github.com/mozilla-services/shavar-prod-lists/blob/master/disconnect-blacklist.json Final list] (i.e. what we ship to clients in binary form) | |||
* List creation script | * List creation script | ||
** [https://github.com/mozilla-services/shavar-list-creation The script] which generates all of the tracking protection lists in binary format. | ** [https://github.com/mozilla-services/shavar-list-creation The script] which generates all of the tracking protection lists in binary format. | ||
** [https://github.com/mozilla-services/shavar-list-creation-config Prod/stage list configuration] for the script | ** [https://github.com/mozilla-services/shavar-list-creation-config Prod/stage list configuration] for the script | ||
* The lists are stored in these files: | * The lists are stored in these files: | ||
** <tt>~/.cache/mozilla/firefox/XXXX/safebrowsing/mozstd-track*</tt> on Linux | ** <tt>~/.cache/mozilla/firefox/XXXX/safebrowsing/mozstd-track*</tt> on Linux |
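Review bot: The new "Legacy blacklist (mozpub-track-digest256)" entry is not reflected in the unchanged "The lists are stored in these files" item just below it, which still gives only the mozstd-track* glob. A reader on Firefox 41 or earlier looking for the legacy table on disk would not find it from these paths. Suggest either adding the mozpub-track* file name alongside mozstd-track* or stating that the paths shown apply to the current lists only.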
Revision as of 22:39, 15 October 2015
Description
Tracking Protection is a new platform-level technology that blocks HTTP loads at the network level. It is based on the Safe Browsing technology that powers our phishing and malware protection.
This feature is part of the Polaris initiative.
Prefs
- privacy.trackingprotection.enabled: to enable TP globally
- privacy.trackingprotection.pbmode.enabled: to enable TP in Private Browsing mode (not needed if the global pref is enabled)
- privacy.trackingprotection.ui.enabled: show a checkbox to toggle privacy.trackingprotection.enabled in the Preferences (Nightly only)
- privacy.trackingprotection.introCount
- privacy.trackingprotection.introURL: URL that kicks off the UI tour (target of the "See how this works" button in about:privatebrowsing)
- urlclassifier.disallow_completions: list of tables for which we never call gethash
- urlclassifier.trackingTable: list of tables to use when looking for trackers (they need to be named *-track-*)
- urlclassifier.trackingWhitelistTable: list of tables to use when checking whether or not a tracker is part of the same entity as the page (they need to be named *-trackwhite-*)
Firefox 42 and earlier:
- browser.trackingprotection.updateURL: server endpoint for downloading list updates
- browser.trackingprotection.gethashURL: server endpoint for completions
Firefox 43 and later:
- browser.safebrowsing.provider.mozilla.lists: list of tables coming from the Mozilla shavar service
- browser.safebrowsing.provider.mozilla.updateURL: server endpoint for downloading list updates
- browser.safebrowsing.provider.mozilla.gethashURL: server endpoint for completions
Engineering
- Tracking Bug
- Client implementation
- Server implementation
- Telemetry dashboard
- itisatrap.org test page
Lists
- Blacklist (mozstd-track-digest256)
  - Upstream source (how it's created)
  - Our copy (i.e. what we ship to clients in binary form)
- Entity whitelist (mozstd-trackwhite-digest256)
  - Upstream source
  - Our copy (i.e. what we ship to clients in binary form)
  - Implemented in bug 1141352
- Legacy blacklist (mozpub-track-digest256) -- Firefox 41 and earlier
  - Upstream source
  - Exceptions (entries we remove from the upstream list)
  - Final list (i.e. what we ship to clients in binary form)
- List creation script
  - The script which generates all of the tracking protection lists in binary format.
  - Prod/stage list configuration for the script
- The lists are stored in these files:
  - ~/.cache/mozilla/firefox/XXXX/safebrowsing/mozstd-track* on Linux
  - ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/mozstd-track* on Mac
  - C:\Users\XXXX\AppData\Local\mozilla\firefox\profiles\XXXX\safebrowsing\mozstd-track* on Windows
QA
- Test page
- Test plan for Fx42
- Shavar test plan (includes end-to-end tests)
- Breakage bugs
- Ideas for a testing strategy
- One and Done task
- Script to dump the contents of mozpub-track-digest256* files
To turn on debugging output, export the following environment variable:
NSPR_LOG_MODULES="UrlClassifierDbService:5,nsChannelClassifier:5"
To produce the "digest256" hash that sbdbdump -v will contain for example.com:
  echo -n "example.com/" | sha256sum
  7fc983ea552f7c8d153fc308d621eb4f52e84aa63ecccf3a735698a11a2a4a8d
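
The digest256 computation above, generalized to checking a whole URL against a table, as an added example that is not part of the original page or of Firefox's code. It assumes list entries have the "host/" form shown above and that lookups also try parent domains under the Safe Browsing host-suffix rule; the function names and the sample table are constructed for illustration.

```python
import hashlib
import ipaddress
from typing import List, Optional, Set
from urllib.parse import urlsplit


def digest256(entry: str) -> str:
    """Hex SHA-256 of a list entry, e.g. 'example.com/' (same as sha256sum)."""
    return hashlib.sha256(entry.encode("ascii")).hexdigest()


def host_candidates(host: str) -> List[str]:
    """Hosts to look up: the exact host, plus up to four suffixes taken from
    the last five labels with leading labels removed; never the bare TLD."""
    host = host.strip(".").lower()
    try:
        ipaddress.ip_address(host)
        return [host]  # IP literals have no parent domains to try
    except ValueError:
        pass
    labels = host.split(".")
    candidates = [host]
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        candidates.append(".".join(labels[i:]))
    return candidates


def matching_entry(url: str, table: Set[str]) -> Optional[str]:
    """Return the host whose 'host/' digest is in the table, or None."""
    host = urlsplit(url).hostname or ""
    for candidate in host_candidates(host):
        if digest256(candidate + "/") in table:
            return candidate
    return None


# Constructed sample table holding one entry (not taken from a real list).
SAMPLE_TABLE = {digest256("tracker.example/")}

if __name__ == "__main__":
    for url in ("https://cdn.tracker.example/pixel.gif?id=1",
                "https://example.org/index.html"):
        print(url, "->", matching_entry(url, SAMPLE_TABLE))
```

Because a subdomain matches through its parent's digest, a single "host/" entry in the table covers every host beneath it.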