Security/Features/Application Reputation

Please use "Edit with form" above to edit this page.

Status

Application Reputation
Stage	Design
Status	`
Release target	`
Health	OK
Status note	Sid working with Google to get the API endpoints

{{#set:Feature name=Application Reputation

|Feature stage=Design |Feature status=` |Feature version=` |Feature health=OK |Feature status note=Sid working with Google to get the API endpoints }}

Team

Product manager	Sid Stamm
Directly Responsible Individual	Sid Stamm
Lead engineer	Needed
Security lead	`
Privacy lead	Sid Stamm
Localization lead	`
Accessibility lead	`
QA lead	`
UX lead	`
Product marketing lead	`
Operations lead	`
Additional members	Bizdev needed

{{#set:Feature product manager=Sid Stamm

|Feature feature manager=Sid Stamm |Feature lead engineer=Needed |Feature security lead=` |Feature privacy lead=Sid Stamm |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=Bizdev needed }}

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Bug 662819.

We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes.

2. Users & use cases

Downloading popular, legitimate applications: warnings should become less severe and less redundant.

Downloading known malware or unknown applications: warnings should become more severe and clearer about the origin of the download. Perhaps more similar to the UI for installing Firefox addons (since the result is equivalent).

3. Dependencies

Google maintains an extension to Safe Browsing that tracks binary file reputation. We can harness their API to provide application reputation whitelisting for Firefox users.

4. Requirements

Preserve privacy as much as possible. This should only apply to downloaded applications, not documents. The URL should not be sent to Mozilla if the download is declined. Users should have the option to use this feature without contributing data to it.

Non-goals

Virus scanning.
Offering to sandbox untrusted native applications.
Preventing downgrade attacks.
Forcing application download sites to use https.
Foist AMO-style user reviews upon application download sites.

Stage 2: Design

5. Functional specification

`

6. User experience design

`

Stage 3: Planning

7. Implementation plan

Lets do this in stages:

Implement prefed-off support for downloading and updating Google's reputation whitelists
Implement easier UI (or none) for downloads matching the whitelist
Run tests to see how often unknown URLs are transmitted to the API
Based on tests, perhaps enable the feature by default

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

` {{#set:Feature open issues and risks=` |Feature overview=Bug 662819.

We warn on every application download, which causes warning fatigue and doesn't help users make good decisions. We should track the reputation of download URLs and hashes. |Feature users and use cases=Downloading popular, legitimate applications: warnings should become less severe and less redundant.

Downloading known malware or unknown applications: warnings should become more severe and clearer about the origin of the download. Perhaps more similar to the UI for installing Firefox addons (since the result is equivalent). |Feature dependencies=Google maintains an extension to Safe Browsing that tracks binary file reputation. We can harness their API to provide application reputation whitelisting for Firefox users. |Feature requirements=* Preserve privacy as much as possible. This should only apply to downloaded applications, not documents. The URL should not be sent to Mozilla if the download is declined. Users should have the option to use this feature without contributing data to it. |Feature non-goals=* Virus scanning.

Offering to sandbox untrusted native applications.
Preventing downgrade attacks.
Forcing application download sites to use https.
Foist AMO-style user reviews upon application download sites.

|Feature functional spec=` |Feature ux design=` |Feature implementation plan=Lets do this in stages:

Implement prefed-off support for downloading and updating Google's reputation whitelists
Implement easier UI (or none) for downloads matching the whitelist
Run tests to see how often unknown URLs are transmitted to the API
Based on tests, perhaps enable the feature by default

|Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}

Feature details

Priority	P2
Rank	999
Theme / Goal	`
Roadmap	Security
Secondary roadmap	`
Feature list	`
Project	`
Engineering team	Platform

{{#set:Feature priority=P2

|Feature rank=999 |Feature theme=` |Feature roadmap=Security |Feature secondary roadmap=` |Feature list=` |Feature project=` |Feature engineering team=Platform }}

Team status notes

	status	notes
Products	`	`
Engineering	`	`
Security	`	`
Privacy	`	`
Localization	`	`
Accessibility	`	`
Quality assurance	`	`
User experience	`	`
Product marketing	`	`
Operations	`	`

{{#set:Feature products status=`

|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}