Hardcode tracking protection blocking of trackertest.org and itisatracker.org

VERIFIED FIXED in Firefox 42

Status

()

Toolkit
Safe Browsing
P1
normal
Rank:
26
VERIFIED FIXED
2 years ago
2 years ago

People

(Reporter: javaun, Assigned: MattN)

Tracking

42 Branch
mozilla42
Points:
3
Dependency tree / graph
Bug Flags:
firefox-backlog +
qe-verify +

Firefox Tracking Flags

(firefox42 verified)

Details

(Whiteboard: [fxprivacy] [campaign])

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
We purchased a domain to test blocklisting via Tracking Protection. 

Hardcode blocking of the domain trackertest.org in the URL classifier.
(Reporter)

Updated

2 years ago
Whiteboard: [fxprivacy]

Updated

2 years ago
Flags: qe-verify?
Flags: firefox-backlog+

Updated

2 years ago
Blocks: 1177978

Updated

2 years ago
Rank: 26
Priority: -- → P2
I think I know what to do here.
Assignee: nobody → MattN+bmo
Status: NEW → ASSIGNED
Iteration: --- → 42.2 - Jul 27
Points: --- → 3
Component: General → Safe Browsing
Flags: qe-verify? → qe-verify+
Product: Core → Toolkit
Created attachment 8636891 [details]
MozReview Request: Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois

Bug 1185549 - Add "trackertest.org/its-a-track/" to test-track-simple for testing and touring tracking protection. r=francois
Attachment #8636891 - Flags: review?(francois)

Updated

2 years ago
Priority: P2 → P1
QA Contact: mwobensmith

Updated

2 years ago
Whiteboard: [fxprivacy] → [fxprivacy] [campaign]
Ha, it looks like we were working on the same thing :)

https://bugzilla.mozilla.org/show_bug.cgi?id=1182876
So how should we move forward? Do you want to add this URL to your patch and dupe to there?
Flags: needinfo?(francois)
(In reply to Matthew N. [:MattN] from comment #4)
> So how should we move forward? Do you want to add this URL to your patch and
> dupe to there?

So I don't really care what test domains we use (trackertest.org or itisatracker.org) but we need two domains, so either we buy trackertest.com (or .net) and we use that, or we should switch to itisatracker.(org|com) since I've got both.

Also, we'll need to file a follow-up bug to get something like https://github.com/mozilla/itisatracker.org deployed somewhere so that these fake trackers return a 200 to make the test page on bug 1149825 work.

For the gecko patch, feel free to merge what I did in bug 1182876 into your patch since you'll probably get that done before I'm back from PTO (on the 27th). I also started updating your UI tests to take advantage of the new URLs (https://bitbucket.org/fmarier/mozilla-central-mq-1182876/src/83eb0a24ef687c3790ae0b5296fb3b0063b38b60/bug1182876-uitests.patch?at=default) though the first UI test is failing and I'm not sure why.
Flags: needinfo?(francois)
Comment on attachment 8636891 [details]
MozReview Request: Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois

https://reviewboard.mozilla.org/r/13747/#review12421

::: toolkit/components/url-classifier/SafeBrowsing.jsm:217
(Diff revision 1)
> +    const trackerURL  = "trackertest.org/its-a-track/";

Let's blacklist all of it: trackertest.org/

::: modules/libpref/init/all.js:4722
(Diff revision 1)
> -pref("urlclassifier.trackingTable", "mozpub-track-digest256");
> +pref("urlclassifier.trackingTable", "test-track-simple,mozpub-track-digest256");

You'll need to add the new table to urlclassifier.disallow_completions as well.
Attachment #8636891 - Flags: review?(francois)
(Reporter)

Comment 7

2 years ago
(In reply to François Marier [:francois] from comment #5)
> (In reply to Matthew N. [:MattN] from comment #4)
> > So how should we move forward? Do you want to add this URL to your patch and
> > dupe to there?
> 
> So I don't really care what test domains we use (trackertest.org or
> itisatracker.org) but we need two domains, so either we buy trackertest.com
> (or .net) and we use that, or we should switch to itisatracker.(org|com)
> since I've got both.
> 
> Also, we'll need to file a follow-up bug to get something like
> https://github.com/mozilla/itisatracker.org deployed somewhere so that these
> fake trackers return a 200 to make the test page on bug 1149825 work.
> 
> For the gecko patch, feel free to merge what I did in bug 1182876 into your
> patch since you'll probably get that done before I'm back from PTO (on the
> 27th). I also started updating your UI tests to take advantage of the new
> URLs
> (https://bitbucket.org/fmarier/mozilla-central-mq-1182876/src/
> 83eb0a24ef687c3790ae0b5296fb3b0063b38b60/bug1182876-uitests.
> patch?at=default) though the first UI test is failing and I'm not sure why.

Let's coordinate Francois. We have hosting already lined up with engagement engineering: meta 
bug 1184733. Curious, why do we need two domains? I'm agnostic on domains, but we should take advantage of the engagement team's help to build it out. We'd like to take all of this off platform's hands to not block on entity work.
(In reply to Javaun Moradi [:javaun] from comment #7)
> Let's coordinate Francois. We have hosting already lined up with engagement
> engineering: meta 
> bug 1184733. Curious, why do we need two domains?

We need two domains so that we can blacklist both and then put one of them (but not the other) on the whitelist.
(Reporter)

Comment 9

2 years ago
We own all three, let's hardcode all three domains. We need a decision quickly the website itself. 

Engagement Engineering is setting up a simple site for trackertest.org, with some level of resiliency, and SSL support. I can have them resolve all three domains to the same site.  I just need some clarity. 

Let's talk next week.
(Reporter)

Comment 10

2 years ago
New idea. We have three domains and need two. I may have quick use of a fake tracking domain that is not already hardcoded as blocked. If I was a developer wanting to test a blocking add-on on top of our platform API, it would be great to have a domain with an assortment of tracking loads. Let's chat in desktop scrum Monday
https://reviewboard.mozilla.org/r/13747/#review12421

> You'll need to add the new table to urlclassifier.disallow_completions as well.

It was already there a few lines up.
Comment on attachment 8636891 [details]
MozReview Request: Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois

Bug 1185549 - Add three test domains to test-track-simple for testing and touring tracking protection. r=francois
Attachment #8636891 - Attachment description: MozReview Request: Bug 1185549 - Add "trackertest.org/its-a-track/" to test-track-simple for testing and touring tracking protection. r=francois → MozReview Request: Bug 1185549 - Add three test domains to test-track-simple for testing and touring tracking protection. r=francois
Attachment #8636891 - Flags: review?(francois)
The try push for the previous patch was green and I'm just adding 2 new domains so I don't expect any problems and relevant tests pass locally:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d13dbe72d7d3
Comment on attachment 8636891 [details]
MozReview Request: Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois

https://reviewboard.mozilla.org/r/13747/#review12803

::: toolkit/components/url-classifier/SafeBrowsing.jsm:234
(Diff revision 2)
> +                "a:1:32:" + trackerURL.length + "\n" +

The "1" after "a:" is the [chunk number](https://developers.google.com/safe-browsing/developers_guide_v2#HTTPResponseForDataBody) which I think needs to be unique for each entry.
Attachment #8636891 - Flags: review?(francois)
https://reviewboard.mozilla.org/r/13747/#review12421

> It was already there a few lines up.

You're right, I'm not sure how I missed that.
https://reviewboard.mozilla.org/r/13747/#review12809

::: toolkit/components/url-classifier/SafeBrowsing.jsm:219
(Diff revision 2)
> +      "itisatracker.com/",

As per https://bugzilla.mozilla.org/show_bug.cgi?id=1184733#c5, let's keep itisatracker.com for future use and live it out of the blocked list.
Attachment #8636891 - Attachment description: MozReview Request: Bug 1185549 - Add three test domains to test-track-simple for testing and touring tracking protection. r=francois → MozReview Request: Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois
Attachment #8636891 - Flags: review?(francois)
Comment on attachment 8636891 [details]
MozReview Request: Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois

Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois
I manually confirmed that both test sites are blocked in a new profile.
Comment on attachment 8636891 [details]
MozReview Request: Bug 1185549 - Add two test domains to test-track-simple for testing and touring tracking protection. r=francois

https://reviewboard.mozilla.org/r/13747/#review12817

Ship It!
Attachment #8636891 - Flags: review?(francois) → review+

Comment 20

2 years ago
https://hg.mozilla.org/integration/fx-team/rev/3c7cfb8a8ec7
Summary: Hardcode blocking of trackertest.org → Hardcode tracking protection blocking of trackertest.org and itisatracker.org
Blocks: 1184733

Updated

2 years ago
Iteration: 42.2 - Jul 27 → 42.3 - Aug 10
https://hg.mozilla.org/mozilla-central/rev/3c7cfb8a8ec7
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox42: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
Verified Fx42.0a1, 2015-07-30.
Status: RESOLVED → VERIFIED
status-firefox42: fixed → verified
You need to log in before you can comment on or make changes to this bug.