Security/Safe Browsing
= Name Change = Note: Safe Browsing has been renamed to Phishing Protection.= Overview =Google Safe Browsing was an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired. We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is enabled or even shipped is still a matter for discussion, as is the final form the extension might take, its UI, the way users opt-in, and the like.You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292== How to Enable ==* Add the following to your mozconfig file:
ac_add_options --enable-extensions=default,safe-browsing
* Set the preference "extensions.safebrowsing.enabled" to true* If you wish to see debugging output, open safe-browsing/src/loader.js and set G_GDEBUG to true (and G_GDEBUG_LOADER as well if you'd like)* Look under the Tools menu, and play with the SafeBrowsing option== Design Doc ==Phishing Protection: Design Documentation== Server Spec ==Phishing Protection: Server Spec== Client Spec ==Phishing Protection: Client Spec== Source Code ==The original extension code is in:http://lxr.mozilla.org/seamonkey/source/extensions/safe-browsingBug 337336 is for removing it since we've moved into the core browser.For integration with firefox, the code from the extension is broken into two parts:http://lxr.mozilla.org/seamonkey/source/browser/components/safebrowsing/http://lxr.mozilla.org/seamonkey/source/toolkit/components/url-classifier/The browser component contains the Phishing Warden, Controller, Browser View and Displayer described on the Phishing_Protection:_Design_Documentation#Major_Abstractions page.The toolkit component contains the ListManager and TRTables.== Major Open Issues ==* How (if at all) does the extension get enabled? What language to use to inform users of the privacy implications? How do they opt?* Content: is the branding OK? Is the language? Do we want to tweak the warning?* UI: Where's the most appropriate place for (1) the preferences (2) the test page and (3) the report-a-phishing-link functionality?* Ability to switch to other providers (need UI for it, need a bit of refactoring, etc.)* Can we make agreements with service providers (e.g., Google) that will increase the privacy guarantees for data collected? Can we provide service ourself (see Reporter: Phishing Protection Integration Discussion)?* Break into separate service and UI pieces?TODO: expand, file bugs== Important Bugs ==* Localization (e.g., do we turn it on in all locales? does the warning reder right with RTL languages? etc): https://bugzilla.mozilla.org/show_bug.cgi?id=329724* Make file I/O in non-enhanced mode better: https://bugzilla.mozilla.org/show_bug.cgi?id=329723* Play nicely with other people who change the status bar: https://bugzilla.mozilla.org/show_bug.cgi?id=329722* Fixed position XUL is apparently not officially supported... is there an alternative? https://bugzilla.mozilla.org/show_bug.cgi?id=329725== Other Bugs or Potential Improvements ==Are filed as bugs under Firefox / Safe Browsing== Contacts ==All the following are at g o o g l e d o t c o mprimary: niels, tc, fritzsecondary: sullivan, brakowski (product manager)