Program Management/Projects/SearchHijacking

From MozillaWiki
Jump to navigation Jump to search

Background

Web search is a lucrative business and so the search integration points in Web browsers have become a target for add-ons -- from legitimate, to grayware, to malware. The collection of techniques used to circumvent browser search defaults to funnel search revenues to third parties is referred to as "Search hijacking".

With the increase in search hijacking and it's negative effect on user choice and control, Mozilla is looking into ways to help users defend themselves.

Team

  • Support: Cheng Wang
  • PM: Sheila Mooney
  • Engineering: Gavin Sharp
  • QA: Juan Becerra
  • Security: Al Billings
  • Product: Asa Dotzler

Status/Update

  • Strawman for Q1: telemetry probe for scoping the problem, hardening keyword URLs.
  • Telemetry probes checked in 2/7.

Telemetry

  • Simple check 0/1 if pref has changed.
  • Tracking in Telemetry Dashboard.

Hardening keyword URLs

  • We are going to prompt everyone we see who have this changed their pref to a user-set value. The only way to get a user-set value for keyword.URL is:
    • Manually change the pref in about:config (or prefs.js in your profile)
    • Install an extension that programmatically sets the pref (rather than changing the pref in the "supported" way, by shipping a new pref default)
    • Have a third-party installer set the pref in your profile's prefs.js
  • The prompt will be a notification bar on search.
  • We will extend this to all languages.

Bugs/Tracking

  • bug 718088 - offer to re-set keyword.URL if it has a non-default value.
  • bug 724145 - telemetry for search hijacking.

Next Actions

Meeting Notes

Retrieved from "https://wiki.mozilla.org/index.php?title=Program_Management/Projects/SearchHijacking&oldid=396092"