Closed
Bug 1358536
Opened 7 years ago
Closed 7 years ago
[ux] Malicious Software warning copy, design and illustration update
Categories
(Firefox :: General, enhancement, P1)
Firefox
General
Tracking
()
RESOLVED
FIXED
Iteration:
57.1 - Aug 15
People
(Reporter: mheubusch, Assigned: mheubusch)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [photon-visual][ux])
Attachments
(3 files, 1 obsolete file)
Screenshot of Chrome's opt-in checkbox for reporting bad pages users encounter
Update page design, illustration and copy of https://mozilla.invisionapp.com/share/ZKBC94BPQ#/screens/229470845 Copy <title>Malicious Software</title> <h1>Firefox blocked this page.</h1> <text>This page was blocked because it may install unwanted software that changes how your computer works when you browse the Web. <a href="https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work?as=u&utm_source=inproduct#w_unwanted-software">Learn more about how Firefox protects you</a> from dangerous and deceptive websites and why this page was blocked. [Get me out of here] [Ignore this warning and go to the page]
|
||
Updated•7 years ago
|
Status: NEW → ASSIGNED
Flags: qe-verify-
Priority: P2 → P1
|
|
||
Updated•7 years ago
|
Iteration: 55.4 - May 1 → 55.5 - May 15
|
||
Comment 1•7 years ago
|
||
We have three categories of pages that we block: - phishing (now called "deceptive") - malware - potentially unwanted software Is this bug only for the "malware" category? Are there separate bugs for the other two categories? Also, one of the things that this design changes is how easy/convenient it is to ignore the warnings. This has serious security implications since ignoring these warnings is almost always a huge mistake.
|
|
||
Updated•7 years ago
|
Flags: needinfo?(mheubusch)
|
|
||
Updated•7 years ago
|
Iteration: 55.5 - May 15 → 55.6 - May 29
Francois and Bram - I emailed this message (below) to you and it was blocked. Perhaps too much copy about malware? In any case, thank you for your feedback on this set of bugs. I've outlined revised copy (based on the Google guidelines) and still have two questions: 1. Where do we place the required Advisory provided by Google line on the page? 2. How do we solve the interaction issue? While putting a text link to proceed is less obscure than a button, this is still counterintuitive. Buttons usually signal the main or secondary actions related to the warning or notification. That’s why Aaron and I changed the interaction in the first place - to draw the user’s attention to the risk. That said, my advice would be to follow the pattern Google uses and we also use on the Cert Error you can bypass page, where we provide a button to See Details, with a modal or windowshade that includes a link that lets the user move forward to the problem site (not recommended). Are you ok with that? If so, I can relay this to Aaron and have this designed to look like Photon. If you’d like to provide a wireframe with this interaction and the Advisory copy, even better! For your review and Francois, here is the copy: Deceptive Site <title>Deceptive Site Warning</title> <h1>Warning—Deceptive site ahead</h1> <text>Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards. Learn more about deceptive sites and phishing at www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org. [Go Back] [See Details] Advisory provided by Google. Safe Browsing Advisory (content appears upon selecting See Details) This site has been reported as a possible deceptive site. You can ignore this risk and go to <URL>. Malicious Site <title>Malware Warning</title> <h1>Warning—Visiting this web site may harm your computer. Firefox blocked this page because it appears to contain malicious software that may steal or delete personal information on your computer. Learn more about harmful web content including viruses and other malware and how to protect your computer at StopBadware.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org. [Go Back] [See Details] Advisory provided by Google. Safe Browsing Advisory (content appears upon selecting See Details) This site has been reported as possibly containing malicious software. You can ignore this risk and go to <URL>. Unwanted Software Site <title>Harmful Software Warning</title> <h1>Warning—The site ahead may contain harmful programs.</h1> Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit). Learn more about harmful and unwanted software at Unwanted Software Policy. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org. [Go Back] [See Details] Advisory provided by Google. Safe Browsing Advisory (content appears upon selecting See Details) This site has been reported as possibly containing harmful software. You can ignore this risk and go to <URL>.
Flags: needinfo?(mheubusch) → needinfo?(bram)
|
|
||
Comment 3•7 years ago
|
||
By the way, we are not required to use the exact copy from Google. If we want to give it a distinctive "Firefox has got your back don't worry" flavor, that's fine. We just need to share our copy with them for their approval before it goes to release, which I can help with. (In reply to mheubusch from comment #2) > 1. Where do we place the required Advisory provided by Google line on the > page? We are not currently complying with that guideline since we don't attribute the warning to Google on our existing warning pages. This will require a little bit of record keeping to make sure that we don't display it for warnings that don't come from Google (e.g. http://itisatrap.org/firefox/its-a-trap.html). I will file a follow-up bug for this. In terms of where it should go, perhaps in the "details" sub-panel that you are proposing? > That said, my > advice would be to follow the pattern Google uses and we also use on the > Cert Error you can bypass page, where we provide a button to See Details, > with a modal or windowshade that includes a link that lets the user move > forward to the problem site (not recommended). Are you ok with that? Sounds good to me. > Deceptive Site > > <title>Deceptive Site Warning</title> > > <h1>Warning—Deceptive site ahead</h1> > > <text>Firefox blocked this page because it may trick you into doing > something dangerous like installing software or revealing personal > information like passwords or credit cards. > Learn more about deceptive sites and phishing at www.antiphishing.org. Learn > more about Firefox’s Phishing and Malware Protection at support.mozilla.org. > > [Go Back] [See Details] Looks good. > (content appears upon selecting See Details) This site has been reported as > a possible deceptive site. You can ignore this risk and go to <URL>. I would suggest stronger wording here: "reported as a possible deceptive site" -> "reported as a deceptive site" since the number of false positives on the list is low, we should avoid downplaying the risk. Secondly, I think that having the URL as a link there is likely to make it easier to see and may lead users to click the link without reading the sentence before it? Finally, the last sentence might be an opportunity to tell users to be careful. For instance, instead of "ignore this risk and go to URL", we could say something along the lines of (depending on what tone we use in Photon): If you're sure this is a mistake, you can still visit the site, but please be careful! > Malicious Site > <title>Malware Warning</title> > > <h1>Warning—Visiting this web site may harm your computer. > > Firefox blocked this page because it appears to contain malicious software > that may steal or delete personal information on your computer. > Learn more about harmful web content including viruses and other malware and > how to protect your computer at StopBadware.org. Learn more about Firefox’s > Phishing and Malware Protection at support.mozilla.org. One of the things that these sites often do is cause malicious software to be downloaded/installed. I wonder if we should include that as part of the warning. > Unwanted Software Site > <title>Harmful Software Warning</title> > <h1>Warning—The site ahead may contain harmful programs.</h1> > Firefox blocked this page because it might try to trick you into installing > programs that harm your browsing experience (for example, by changing your > homepage or showing extra ads on sites you visit). > Learn more about harmful and unwanted software at Unwanted Software Policy. > Learn more about Firefox’s Phishing and Malware Protection at > support.mozilla.org. Looks good.
|
||
Comment 4•7 years ago
|
||
(In reply to mheubusch from comment #2) > […] my > advice would be to follow the pattern Google uses and we also use on the > Cert Error you can bypass page, where we provide a button to See Details, > with a modal or windowshade that includes a link that lets the user move > forward to the problem site (not recommended). Are you ok with that? If so, > I can relay this to Aaron and have this designed to look like Photon. This sounds great! I’m okay with putting the URL behind a “See Details” button. What I’ll do is take the copy you’ve written, incorporate Francois’ suggestions and put it into Aaron’s design template tomorrow. It’ll be much quicker that way, and clearer when we all can see what the final design will look like. I’ll ping Aaron for this file privately.
Flags: needinfo?(bram)
|
|
||
Comment 5•7 years ago
|
||
Bram, one more thing I forgot to mention is that we'll need a new checkbox on these pages soon since we are adding (in bug 1331138) the ability for users to report the bad pages they see (opt in). That would be very similar to the checkbox we have on TLS error pages ("Report errors like this to help Mozilla identify and block malicious sites"). See https://expired.badssl.com/ for an example. The main difference is that it would be sent to Google instead of Mozilla and so the checkbox caption should reflect that. So it might be worth to include this in your designs too to make sure that all of the elements make sense.
Blocks: 1331138
|
|
||
Comment 6•7 years ago
|
||
Here's a screenshot of the checkbox that Chrome has.
|
|
||
Comment 7•7 years ago
|
||
I’ve updated the copy with the ones Michelle had provided on comment 2, plus Francois’ suggestions on comment 3. * Advisory by Google: inside “See Details” panel * Add checkbox to report problem to Google: * “Report errors like this to help Google identify and block malicious sites.” * This is accurate, but it also doesn’t say ‘Mozilla’ and might confuse users? Maybe not such a big problem. * Stronger wording: * Before: “possible deceptive site” * After: “deceptive site” * Make the URL harder to notice, and tell users to be careful: * Before: “You can ignore this risk and go to <URL>.” * After: “If you’re sure that there was a mistake, you may <visit this unsafe site>, but please be careful!” * Make Malicious Software (Malware) page carry a warning that it may cause software installation without consent * Before: “Firefox blocked this page because it appears to contain malicious software…” * After: “Firefox blocked this page because it might attempt to install malicious software…” Finally, I’ve put this new copy on the Photon design template: * Deceptive (phishing): https://cl.ly/0N30232Q3I2L * Malicious Software (Malware): https://cl.ly/2o371u2L0505 * Unwanted Software: https://cl.ly/3C002X1b3m3W What do you both think?
Flags: needinfo?(mheubusch)
Flags: needinfo?(francois)
|
|
||
Updated•7 years ago
|
Iteration: 55.6 - May 29 → 55.7 - Jun 12
(In reply to Bram Pitoyo [:bram] from comment #7) > I’ve updated the copy with the ones Michelle had provided on comment 2, plus > Francois’ suggestions on comment 3. > > * Advisory by Google: inside “See Details” panel > > * Add checkbox to report problem to Google: > * “Report errors like this to help Google identify and block malicious > sites.” > * This is accurate, but it also doesn’t say ‘Mozilla’ and might confuse > users? Maybe not such a big problem. > > * Stronger wording: > * Before: “possible deceptive site” > * After: “deceptive site” > > * Make the URL harder to notice, and tell users to be careful: > * Before: “You can ignore this risk and go to <URL>.” > * After: “If you’re sure that there was a mistake, you may <visit this > unsafe site>, but please be careful!” > > * Make Malicious Software (Malware) page carry a warning that it may cause > software installation without consent > * Before: “Firefox blocked this page because it appears to contain > malicious software…” > * After: “Firefox blocked this page because it might attempt to install > malicious software…” > > > Finally, I’ve put this new copy on the Photon design template: > > * Deceptive (phishing): https://cl.ly/0N30232Q3I2L > * Malicious Software (Malware): https://cl.ly/2o371u2L0505 > * Unwanted Software: https://cl.ly/3C002X1b3m3W > > > What do you both think? Hi Bram - these look really good. I agree with your concern about the addition of the send to google checkbox - think it is confusing to have content about Firefox and what we are doing and then have a line of copy that says "Send to google so that WE can . .." I think this could either suggest that Firefox is owned by Google or that we just copied and pasted an error message from google. Think the best way to solve this is to bring the "Advisory by Google" tag next to or before this check box and change the copy to "Report errors like this to Google to help identify and block malicious > sites for all browsers that use their advisory service." Or just to "Report errors like this to Google to help identify and block malicious > sites" Think it is an important distinction to say that they user is reporting to Google, and not just submitting a report (to who) that will help Google. I can ask legal if you want though. Also, and a really small thing, can you remove the period at the end of the two headlines that have them - I broke my own rule by putting them in there. Once we are set I will update all strings for easier engineering copy/paste.
Flags: needinfo?(mheubusch) → needinfo?(bram)
|
|
||
Comment 9•7 years ago
|
||
(In reply to Bram Pitoyo [:bram] from comment #7) > Finally, I’ve put this new copy on the Photon design template: > > * Deceptive (phishing): https://cl.ly/0N30232Q3I2L > * Malicious Software (Malware): https://cl.ly/2o371u2L0505 > * Unwanted Software: https://cl.ly/3C002X1b3m3W > > What do you both think? That looks great Bram! Also, I like Michelle's idea of grouping the Google advisory with the Google checkbox together. I took another look at the Chrome warnings and here are a few more things we may want to consider for the redesign: 1. Should we move the "Learn more about deceptive sites and phishing at www.antiphishing.org ... and support.mozilla.org." paragraph to the "Details" panel? It would give more space for the Advisory link and the checkbox and reduce the amount of information that's presented upfront. 2. Should we link the words "malicious software" or "deceptive software" (in the Details panel) to https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html?hl=en-GB#url=http://testsafebrowsing.appspot.com/s/malware.html? Chrome does that and it provides some more information about why a particular site was blocked. 3. Should we link to the forms for reporting errors in the list (https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla and https://www.stopbadware.org/firefox for phishing and malware respectively)? Chrome has it in the Details panel for phishing only: "You can report a _detection problem_ or, if you understand the risks to your security, visit this unsafe site."
Flags: needinfo?(francois)
|
|
||
Comment 10•7 years ago
|
||
Attachment #8870151 -
Attachment is obsolete: true
|
|
||
Comment 11•7 years ago
|
||
|
|
||
Comment 12•7 years ago
|
||
|
Assignee | |
Comment 13•7 years ago
|
||
I agree with all of your suggestions, Francois. Here is the updated copy, Bram - do you want to comp this up? Deceptive Site <title>Deceptive Site Warning</title> <h1>Warning—Deceptive site ahead</h1> <text>Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards. Advisory provided by Google Safe Browsing [ ] Report errors like this to help Google identify and block malicious sites [Go Back] [See Details] (content appears upon selecting See Details) This site has been <a href = "https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html?hl=en-GB#url=http://testsafebrowsing.appspot.com/s/malware.html" reported as a possible deceptive site"</a>. You can report a <a href = "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla" detection problem</a> or ignore this risk and go to <URL>. Learn more about deceptive sites and phishing at www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org. Malicious Site <title>Malware Warning</title> <h1>Warning—Visiting this web site may harm your computer Firefox blocked this page because it appears to contain malicious software that may steal or delete personal information on your computer. Advisory provided by Google Safe Browsing [ ] Report errors like this to help Google identify and block malicious sites [Go Back] [See Details] (content appears upon selecting See Details) This site has been <a href = "https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html?hl=en-GB#url=http://testsafebrowsing.appspot.com/s/malware.html" reported as possibly containing malicious software</a>. You can report a <a href = "https://www.stopbadware.org/firefox" detection problem</a> or ignore this risk and go to <URL>. Learn more about harmful web content including viruses and other malware and how to protect your computer at StopBadware.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org. Unwanted Software Site <title>Harmful Software Warning</title> <h1>Warning—The site ahead may contain harmful programs</h1> Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit). Advisory provided by Google Safe Browsing [ ] Report errors like this to help Google identify and block malicious sites. [Go Back] [See Details] (content appears upon selecting See Details) This site has been reported as possibly containing harmful software. You can ignore this risk and go to <URL>. Learn more about harmful and unwanted software at Unwanted Software Policy. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org.
Flags: needinfo?(bram)
|
|
||
Comment 14•7 years ago
|
||
(In reply to mheubusch from comment #13) > Deceptive Site > > (content appears upon selecting See Details) This site has been <a href = > "https://www.google.com/transparencyreport/safebrowsing/diagnostic/index. > html?hl=en-GB#url=http://testsafebrowsing.appspot.com/s/malware.html" > reported as a possible deceptive site"</a>. You can report a <a href = > "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla" > detection problem</a> or ignore this risk and go to <URL>. I think you accidentally lost the changes that Bram made in comment 7. Why not use the copy from https://cl.ly/0N30232Q3I2L and just tweak it to add the links: [[website]] has been <a href="GOOGLE">reported as a deceptive site</a>. If you're sure that there was a mistake, you may <a href="GOOGLE">report a detection problem</a> or <a href="SITE">visit this unsafe site</a>, but please be careful! > Malicious Site > > (content appears upon selecting See Details) This site has been <a href = > "https://www.google.com/transparencyreport/safebrowsing/diagnostic/index. > html?hl=en-GB#url=http://testsafebrowsing.appspot.com/s/malware.html" > reported as possibly containing malicious software</a>. You can report a <a > href = "https://www.stopbadware.org/firefox" detection problem</a> or ignore > this risk and go to <URL>. Based on https://cl.ly/2o371u2L0505: [[website]] has been <a href="GOOGLE">reported as containing malicious software</a>. If you're sure that there was a mistake, you may <a href="STOPBADWARE">report a detection problem</a> or <a href="SITE">visit this unsafe site</a>, but please be careful! > Unwanted Software Site > > (content appears upon selecting See Details) This site has been reported as > possibly containing harmful software. You can ignore this risk and go to > <URL>. We can also link to the report for unwanted software. There is no way to report "detection problems" though. Based on https://cl.ly/3C002X1b3m3W: [[website]] has been <a href="GOOGLE">reported as containing harmful software</a>. If you're sure that there was a mistake, you may <a href="SITE">visit this unsafe site</a>, but please be careful!
|
|
||
Updated•7 years ago
|
Flags: needinfo?(mheubusch)
|
|
||
Comment 15•7 years ago
|
||
I’ve updated the copy to combine both of your recommendations: Deceptive Site -------------- https://cl.ly/082p2I2W3c0o (content appears upon selecting See Details) [[website]] has been <a href="GOOGLE">reported as a deceptive site</a>. You can <a href="GOOGLE">report a detection problem</a> or <a href="SITE">ignore the risk</a> and go to this unsafe site</a>. Malicious Site -------------- https://cl.ly/3N1y0k1M1w04 (content appears upon selecting See Details) [[website]] has been <a href="GOOGLE">reported as containing malicious software</a>. You can <a href="GOOGLE">report a detection problem</a> or <a href="SITE">ignore the risk and go to this unsafe site</a>. Unwanted Software Site ---------------------- https://cl.ly/0j2n310G0Z2V (content appears upon selecting See Details) [[website]] has been <a href="GOOGLE">reported as containing harmful software</a>. You can <a href="SITE">ignore the risk</a> and go to this unsafe site. [There’s no way to report detection problem, so we eliminate that link.] What do you think, Francois and MHeubusch?
Flags: needinfo?(francois)
|
|
||
Comment 16•7 years ago
|
||
(In reply to Bram Pitoyo [:bram] from comment #15) > Deceptive Site > -------------- > > https://cl.ly/082p2I2W3c0o Tiny mistake: "Google Safe Browsing" in the advisory text should be a link to the Google advisory page (https://developers.google.com/safe-browsing/v4/advisory). > What do you think, Francois and MHeubusch? Looks good to me. One question: do we need the "Warning: " prefix in the titles? Given the red scary background, it seems implied that this is a warning.
Flags: needinfo?(francois)
|
|
||
Updated•7 years ago
|
Iteration: 55.7 - Jun 12 → 56.1 - Jun 26
|
|
||
Comment 17•7 years ago
|
||
Perhaps we don’t.(In reply to François Marier [:francois] from comment #16) > One question: do we need the "Warning: " prefix in the titles? Given the red > scary background, it seems implied that this is a warning. I agree that taking the “Warning” string out wouldn’t take away the severity of our message, and would make our string a bit shorter. Let’s do that. Updated mocks below. Deceptive (phishing): https://cl.ly/3O3C1J0l0m3p Malicious Software (malware): https://cl.ly/1y1D1f1J2J3X Unwanted: https://cl.ly/2H2k2U0o3F3n
|
|
||
Comment 18•7 years ago
|
||
(In reply to Bram Pitoyo [:bram] from comment #17) > Perhaps we don’t.(In reply to François Marier [:francois] from comment #16) > > One question: do we need the "Warning: " prefix in the titles? Given the red > > scary background, it seems implied that this is a warning. > > I agree that taking the “Warning” string out wouldn’t take away the severity > of our message, and would make our string a bit shorter. Let’s do that. Looks better! > Updated mocks below. > > Deceptive (phishing): https://cl.ly/3O3C1J0l0m3p BTW, the phishing one is still missing the link on "Google Safe Browsing" (as noted in comment 16). > Malicious Software (malware): https://cl.ly/1y1D1f1J2J3X > Unwanted: https://cl.ly/2H2k2U0o3F3n I just re-reviewed Michelle's changes from comment 13 and it looks like there are three things missing. The first is her suggested change the checkbox copy: "[ ] Report errors like this to help Google identify and block malicious sites." (removing the "we" next to Google) Secondly, it looks like she removed the period at the end of the main heading for the pages (i.e. "Deceptive site ahead" instead of "Deceptive site ahead."). Maybe we should update that too? Finally, all of the mocks are missing the second paragraph in the details panels (the one with SUMO links): "Learn more about deceptive sites and phishing at www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org." "Learn more about harmful web content including viruses and other malware and how to protect your computer at StopBadware.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org." "Learn more about harmful and unwanted software at Unwanted Software Policy. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org."
|
|
||
Comment 19•7 years ago
|
||
(In reply to François Marier [:francois] from comment #18) > BTW, the phishing one is still missing the link on "Google Safe Browsing" > > [and] there are three things missing. > > The first is her suggested change the checkbox copy: > (removing the "we" next to Google) > > Secondly, it looks like she removed the period at the end of the main > heading for the pages > > Finally, all of the mocks are missing the second paragraph in the details > panels (the one with SUMO links) You’re right on all counts. I’ve fixed these problems. See the mocks below: Deceptive (phishing): https://cl.ly/133s093C2A3x Malicious Software (malware): https://cl.ly/3R3P0f3d2824 Unwanted: https://cl.ly/3v0F2K2u3c2u Hopefully we should be good to go now!
|
||
Comment 20•7 years ago
|
||
(In reply to mheubusch from comment #2) > <text>Firefox blocked this page because it may trick you into doing > something dangerous like installing software or revealing personal > information like passwords or credit cards. As a non native speaker, this feels like a lot to read without pauses (no commas). Also the two "like" so close to each feel off. I wonder if "something dangerous, for example installing software, or revealing…" would work better.
|
|
||
Comment 21•7 years ago
|
||
(In reply to Bram Pitoyo [:bram] from comment #19) > You’re right on all counts. I’ve fixed these problems. See the mocks below: > > Deceptive (phishing): https://cl.ly/133s093C2A3x > Malicious Software (malware): https://cl.ly/3R3P0f3d2824 > Unwanted: https://cl.ly/3v0F2K2u3c2u > > Hopefully we should be good to go now! Looks good to me. I will run these past Google tomorrow to see if they have any concerns. It would be good to have Michelle take another look too and see if she wants to rephrase anything to address flod's concerns in comment 20.
|
|
||
Comment 22•7 years ago
|
||
Google hasn't said anything about the new mocks so we can assume it's fine. I just realized that Photon also covers Android. Could you please also include a Desktop mock for this one: The site ahead may contain malware Attackers might attempt to install dangerous apps on your device that steal or delete your information (for example, photos, passwords, messages, and credit cards). Advisory provided... [ ] Reports errors like these ... See details: [[website]] has been <a href="">reported as containing a potentially harmful application</a>. You can <a href="">ignore the risk</a> and go to this unsafe site. Learn more about Firefox's Phishing and Malware Protection at support.mozilla.org.
Blocks: 1375277
Flags: needinfo?(bram)
|
|
||
Comment 23•7 years ago
|
||
Thanks for pointing out our Android gap, Francois. Here are the mocks. Deceptive (phishing): https://cl.ly/1E2F2o2d1X0m Malicious Software (malware): https://cl.ly/0i1y461W3k3G Unwanted: https://cl.ly/0j3S161U1m1P The way it works: instead of the “See details” section being a white box, on Android (and I’m guessing iOS) it’s an opaque overlay over the content that comes with a “Hide details” and a quit “x” buttons.
Flags: needinfo?(bram)
|
|
||
Updated•7 years ago
|
Iteration: 56.1 - Jun 26 → 56.2 - Jul 10
|
|
||
Comment 24•7 years ago
|
||
(In reply to Bram Pitoyo [:bram] from comment #23) > Unwanted: https://cl.ly/0j3S161U1m1P nit: that one shouldn't have an option to report a detection error. Are you also able to mock-up the fourth type of warning page ("potentially harmful application") I described in comment 22? We should have: - Deceptive (phishing): https://cl.ly/133s093C2A3x (Android: https://cl.ly/1E2F2o2d1X0m) - Malicious Software (malware): https://cl.ly/3R3P0f3d2824 (Android: https://cl.ly/0i1y461W3k3G) - Unwanted: https://cl.ly/3v0F2K2u3c2u (Android: TOFIX) - Potentially Harmful Applications: TODO (Android: TODO)
Flags: needinfo?(bram)
|
|
||
Comment 25•7 years ago
|
||
(In reply to François Marier [:francois] from comment #24) > nit: that one shouldn't have an option to report a detection error. Fixed below. > Are you also able to mock-up the fourth type of warning page ("potentially > harmful application") I described in comment 22? Yes. Sorry I had misread your message and didn’t realise that potentially harmful application (PHA) is a separate category from malware. I’ve modified the text a tiny little bit so it lines up with the rest of our copy. Instead of: > Attackers might attempt to install dangerous apps on your device that steal or delete your information (for example, photos, passwords, messages, and credit cards). We say instead: > Firefox blocked this page because it might try to install dangerous apps that steal or delete your information (for example, photos, passwords, messages, and credit cards). Our final list with fixes looks like this: - Deceptive (phishing): https://cl.ly/133s093C2A3x (Android: https://cl.ly/1E2F2o2d1X0m) - Malicious Software (malware): https://cl.ly/3R3P0f3d2824 (Android: https://cl.ly/0i1y461W3k3G) - Unwanted: https://cl.ly/3v0F2K2u3c2u (Android: https://cl.ly/2r0d1A0B0g3M) - Potentially Harmful Applications: https://cl.ly/0X0T0D1U270w (Android: https://cl.ly/401M3R1o2g25)
Flags: needinfo?(bram)
|
|
||
Comment 26•7 years ago
|
||
(In reply to Bram Pitoyo [:bram] from comment #25) > Our final list with fixes looks like this: > > - Deceptive (phishing): https://cl.ly/133s093C2A3x (Android: > https://cl.ly/1E2F2o2d1X0m) > - Malicious Software (malware): https://cl.ly/3R3P0f3d2824 (Android: > https://cl.ly/0i1y461W3k3G) > - Unwanted: https://cl.ly/3v0F2K2u3c2u (Android: https://cl.ly/2r0d1A0B0g3M) > - Potentially Harmful Applications: https://cl.ly/0X0T0D1U270w (Android: > https://cl.ly/401M3R1o2g25) That looks really good to me. Let's get a final signoff from Michelle.
|
|
Assignee | |
Comment 27•7 years ago
|
||
Yes - this is great. Consider me signed off. Thanks, Bram and Francois, for working to get these pages where they need to be.
Flags: needinfo?(mheubusch)
|
|
||
Updated•7 years ago
|
Iteration: 56.2 - Jul 10 → 56.3 - Jul 24
|
|
||
Updated•7 years ago
|
Iteration: 56.3 - Jul 24 → 56.4 - Aug 1
|
|
||
Updated•7 years ago
|
Iteration: 56.4 - Aug 1 → 57.1 - Aug 15
|
||
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•