Safe Browsing
Safe Browsing
Google Safe Browsing is an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired.
We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is shipped or even enabled is still a matter for discussion, as is the final form the extension might take, its UI, how it is enabled, and the like.
You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292
How to Enabled
- Add the following to your mozconfig file:
ac_add_options --enable-extensions=default,safe-browsing
- Set the preference "extensions.safebrowsing.enabled" to true
- If you wish to see debugging output, open
safe-browsing/src/loader.jsand setG_GDEBUGto true (andG_GDEBUG_LOADERas well if you'd like) - Look under the
Toolsmenu, and play with the SafeBrowsing option
Design Doc
Safe Browsing: Design Documentation
Source Code
http://lxr.mozilla.org/seamonkey/source/extensions/safe-browsing
Major Open Issues
- How (if at all) does the extension get enabled? What language to use to inform users of the privacy implications? How do they opt?
- Content: is the branding OK? Is the language? Do we want to tweak the warning?
- UI: Where's the most appropriate place for (1) the preferences (2) the test page and (3) the report-a-phishing-link functionality?
- Break into separate service and UI pieces?
TODO: expand, file bugs
Important Bugs
- Localization (e.g., do we turn it on in all locales? does the warning reder right with LTR languages? etc)
- Make the non-enhanced protection user experience better by doing asynchronous file reads and better tuning of the "threads" we use to process the lists.
- etc
TODO: expand, file bugs