Safe Browsing

Google Safe Browsing is an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired.

We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is shipped or even enabled is still a matter for discussion, as is the final form the extension might take, its UI, how it is enabled, and the like.

You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292

How to Enabled

• Add the following to your mozconfig file:

ac_add_options --enable-extensions=default,safe-browsing

• Set the preference "extensions.safebrowsing.enabled" to true
• If you wish to see debugging output, open safe-browsing/src/loader.js and set G_GDEBUG to true (and G_GDEBUG_LOADER as well if you'd like)
• Look under the Tools menu, and play with the SafeBrowsing option

Design Doc

Safe Browsing: Design Documentation

Source Code

http://lxr.mozilla.org/seamonkey/source/extensions/safe-browsing

Major Open Issues

• How does the extension get enabled? What language to use to inform users of the privacy implications? How do they opt?

• Content: is the branding OK? Is the language? Do we want to tweak the warning?

• UI: Where's the most appropriate place for (1) the preferences (2) the test page and (3) the report-a-phishing-link functionality?

• Break into separate service and UI pieces?

TODO: expand, file bugs

Important Bugs

TODO: expand, file bugs