MozillaWiki

Program Management/Projects/SearchHijacking

< Program Management
Revision as of 05:14, 10 February 2012 by Smooney (talk | contribs) (→‎Hardening keyword URLs)

Background

Web search is a lucrative business and so the search integration points in Web browsers have become a target for add-ons -- from legitimate, to grayware, to malware. The collection of techniques used to circumvent browser search defaults to funnel search revenues to third parties is referred to as "Search hijacking".

With the increase in search hijacking and it's negative effect on user choice and control, Mozilla is looking into ways to help users defend themselves.

Team

  • Support: Cheng Wang
  • PM: Sheila Mooney
  • Engineering: Gavin Sharp
  • QA: Juan Becerra
  • Security: Al Billings
  • Product: Asa Dotzler

Status/Update

  • Strawman for Q1: telemetry probe for scoping the problem, hardening keyword URLs.
  • Telemetry probes checked in 2/7.

Telemetry

  • Simple check 0/1 if pref has changed.
  • Tracking in Telemetry Dashboard.

Hardening keyword URLs

  • We are going to prompt everyone we see who has changed keyword.URL to a user-set value.
  • On search the users will be prompted when we detect the change and be presented with a notification prompt.
  • We can have the prompt only include "Yes, reset" and "No, don't ask again" buttons (exact text still TBD), and keep showing the notification bar on searches until we get one of those responses.
  • The Bing builds we distribute wouldn't be affected by this (their default value is different, it's not "user-set").
  • Extensions that change this value properly (by shipping a different default pref as opposed to programmatically setting the pref) also wouldn't be affected by this.
  • Users who manually change the value voluntarily can just ignore the prompt (very small minority).
  • We will extend this to all languages builds. We thought of doing en-US only at first but see no real reason to do this.

Bugs/Tracking

  • bug 718088 - offer to re-set keyword.URL if it has a non-default value.
  • bug 724145 - telemetry for search hijacking.

Next Actions

  • Cheng - work on text for prompt.
  • Limi - mockup for notification.
  • Sheila - coordinate with Kev on text/wording re: partners.
  • Sheila - coordinate with PR so they understand the feature.

Meeting Notes

Retrieved from "https://wiki.mozilla.org/index.php?title=Program_Management/Projects/SearchHijacking&oldid=396096"