Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

making anti-phishing extension more open

0 views
Skip to first unread message

Tony Chang

unread,
Mar 30, 2006, 1:06:28 PM3/30/06
to
Based on feedback and privacy/openness concerns with Google anti-phishing
extension expressed here:
https://bugzilla.mozilla.org/show_bug.cgi?id=329292
I would like to generalize the extension into an API that gives the user
control over which data provider to use for getting blacklists and
whitelists. Specifically, the extension code would be refactored and put
into two locations:

toolkit/components/protection
This would contain code for downloading and managing url
blacklist and whitelist data. Specifically, it would
include ListManager and TRTables described here:
http://wiki.mozilla.org/Safe_Browsing:_Design_Documentation#Major_Abstractions
and use the wire format described here:
http://wiki.mozilla.org/Safe_Browsing:_Design_Documentation#The_Server_Side

browser/components/protection
This would contain code for monitoring HTTP requests, comparing
urls to the blacklists/whitelists, and displaying the warning dialog:
http://wiki.mozilla.org/Safe_Browsing:_Design_Documentation#Warning_Dialog_UI

The specific URLs that the ListManager uses would be left as user prefs
and the Google branding elements of the warning dialog would be removed.

I will try to get this change ready by alpha 2. For alpha 2, the URL to
fetch blacklist/whitelist data will be left blank while we figure out a
good way to configure data providers.

Feedback welcome.

Tony

Darin Fisher

unread,
Mar 30, 2006, 9:38:41 PM3/30/06
to dev-apps...@lists.mozilla.org, Scott MacGregor

This sounds like a great plan to me. I know that Thunderbird would
likely be interested in leveraging the toolkit/ component. You should
probably post to mozilla.dev.platform as well to inform platform
people, who may not be watching this list, of this proposal.

Cheers,
-Darin

Ben Goodger

unread,
Mar 31, 2006, 12:52:39 PM3/31/06
to Tony Chang
Tony Chang wrote:
> toolkit/components/protection
> This would contain code for downloading and managing url
> blacklist and whitelist data. Specifically, it would
> include ListManager and TRTables described here:
> http://wiki.mozilla.org/Safe_Browsing:_Design_Documentation#Major_Abstractions
> and use the wire format described here:
> http://wiki.mozilla.org/Safe_Browsing:_Design_Documentation#The_Server_Side

Is there an IDL interface for these components? That might be worth
defining, too.

-Ben

Tony Chang

unread,
Mar 31, 2006, 1:29:43 PM3/31/06
to

Will do.

Tony

Scott MacGregor

unread,
Mar 31, 2006, 7:11:23 PM3/31/06
to

Tony,

This sounds great and is something I've been thinking about too. I wrote down some *very* rough thoughts about how I could try to leverage the anti-phishing extension over in Thunderbird (http://wiki.mozilla.org/Thunderbird2:Phishing). toolkit/components/protection sounds like a great spot for the blacklist and white list management code as it allows any toolkit app to access the lists.

If I can help assist in this project, feel free to let me know. I also wouldn't mind helping out with the interface definition for interacting with the black list and white list tables.

Thanks for tackling this problem.

-Scott

Brian Rakowski

unread,
Apr 3, 2006, 12:49:19 PM4/3/06
to
Not to be a party pooper, but there are significant licensing issues to
be worked out before the Safe Browsing data can be used in Thunderbird
(or Firefox for that matter). I'm working on getting these resolved as
quickly as I can but extending licenses to cover Firefox is my top
priority. I will try to extend to Thunderbird where I can as well.
One option for Thunderbird is to take advantage of the open
infrastructure for plugging in a data provider and licensing one or
more blacklists directly.

0 new messages