Google Safe Browsing is an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired.

We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is shipped or even enabled is still a matter for discussion, as is the final form the extension might take, its UI, how it is enabled, and the like.

You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292

How to Enabled

• Add the following to your mozconfig file:

ac_add_options --enable-extensions=default,safe-browsing

• Set the preference "extensions.safebrowsing.enabled" to true
• If you wish to see debugging output, open safe-browsing/src/loader.js and set G_GDEBUG to true (and G_GDEBUG_LOADER as well if you'd like)
• Look under the Tools menu, and play with the SafeBrowsing option

Design Doc

Safe Browsing: Design Documentation

Source Code

http://lxr.mozilla.org/seamonkey/source/extensions/safe-browsing

Major Open Issues

• How does the extension get enabled? What language to use to inform users of the privacy implications?

• Content: what branding to include, is the language in the warning acceptable, and so forth.

• UI: Where's the most appropriate place for (1) the preferences (2) the test page and (3) the report-a-phishing-link functionality?

• Localization (e.g., do we turn it on in all locales? does the warning reder right with LTR languages? etc)

• Make the non-enhanced protection user experience better by doing asynchronous file reads and better tuning of the "threads" we use to process the lists.

Important Bugs