User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12 Steps to reproduce: To navigate the website: http://www.hidosteaksushi.com or http://www.cheapferragamobelts.com/ or http://www.comprarrunnings.es/ or http://cheap-pandorashop.com just to name a few. Actual results: I could navigate through those FAKE websites as usual. Any unsuspected user would be able to purchase items from them without suspecting those websites are related with the online counterfeiting. Expected results: Any kind of warning, as a red bar, should let the Firefox user know he is browsing a website related with the online counterfeiting. By flagging those FAKE sites as suspicious natively by Firefox will put Firefox ahead in the fight against this increasing online fraud as reported by: http://www.reuters.com/article/us-prada-fakes-website-idUSKCN0V024I https://www.theguardian.com/technology/2014/oct/20/internet-service-providers-fake-goods-high-court-rules http://www.bailii.org/ew/cases/EWHC/Ch/2003/3354.html Page 7, table 1 (Luxury knock offs) https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43798.pdf The desenmascara.me project collect all these FAKE sites and share the information with Virustotal: https://virustotal.com/en/url/2a09c31fa2c406600913df978793feb35f35aa0636ab9a18184fafa9114031af/analysis/ The data is 99% accurate. The problem might be with the false negatives but that could be improved with users notifying such websites to be flagged as such (after confirmation). The only thing needed is to raise awareness about this online fraud and this could be a good opportunity for Mozilla. I would be happy to provide a custom API to support this feature in Firefox.
Thanks Emilio for this, it sounds like an enhancement to me. I think this should be under Core: Security for the right people to look at it.
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Component: Untriaged → Security
Ever confirmed: true
Product: Firefox → Core
Unless these sites are serving malware or are otherwise a risk to the security of our users or the web at large, I think we're unlikely to develop a feature around this.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
Many thanks Ovidiu and David for the feedback. David, that's the problem -the low awareness of this online fraud-. These sites are a risk to the security of Internet users. A recent example: the FAKE website targeting to the brand "FURLA" in the past: http://www.furla-outlet.com is now hosting badware: https://virustotal.com/en/url/af0be40542cbe4a0e527bb04bf60ce4181db27180fe1904efafb0bf9fc51dbe3/analysis/1484559487/ as already pointed out in the paper "Framing Dependencies Introduced by Underground Commoditization ": https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43798.pdf Its ALL related, those FAKE sites, targeting to the brands and luring to the users are a risk in Internet. If Firefox would came with a feature like this: "warning when a user is browsing such FAKE sites related with the online counterfeiting" would be a great key advantage over another browsers. Do you think that browsing over any similar website as below without any kind of warning is safe for your users?: http://www.rbutg.com http://www.outletuggs.com.co http://www.mkhandbagsoutlet.com http://www.barboursaleuk.top http://www.underarmourstore-outlet.com http://www.belstaffsale-store.uk http://www.adidas-outlet.org http://www.montblancpensoutletonlinecheapsale.com The average time of those FAKE sites available online is around 1 year and a half based on the research performed tracking them. Enough to lure users and to support the underground economy.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
I'm still not convinced this is appropriate as a security feature for Firefox users. If you disagree, it would be best to start a discussion somewhere like firefox-dev: https://mail.mozilla.org/listinfo/firefox-dev
Status: REOPENED → RESOLVED
Last Resolved: 2 years ago → 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.