[meta] Support client-side provenance on Windows
Categories
(Firefox :: Installer, enhancement, P3)
People
(Reporter: bytesized, Assigned: bytesized)
Details
(Keywords: meta)
Attachments
(1 obsolete file)
It appears that Windows browsers typically write data regarding where files were downloaded from in an alternate data stream associated with the downloaded file. Even Firefox writes this data, here. We can use this feature to allow the installer to read where it was downloaded from and make that information available to the installation that it installs. This would be similar to how existing Windows attribution works.
Initially, we just want to see what kind of data is available, probably collecting this information:
- Whether the file system supports Alternate Data Streams at all, and potentially the file system (e.g. NTFS, FAT, remote SMB/CIFS, other)
- Whether :Zone.Identifier exists, and if so, what ZoneId is
- Whether ReferrerURL exists
- Whether HostURL exists
- Whether “mozilla.org” and other known fragments/prefixes are in ReferrerURL and/or HostURL
If it looks like there is good data available, we will want to explore how we can safely retrieve data that could shed light on the unattributed funnel.
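The data points listed above can be computed from the text of the `:Zone.Identifier` stream. The following Python code is an added example, not code from this bug or from Firefox: it parses the stream and compares URLs by hostname rather than by substring, since the stream is writable by anything that touches the file. The sample stream, the function names and the 4096-character read cap are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample of a Zone.Identifier stream (not captured from a real download).
SAMPLE = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://www.mozilla.org/en-US/firefox/new/\r\n"
    "HostUrl=https://download.example.net/firefox-installer.exe\r\n"
)

def read_stream(path):
    """Return the stream text, or None if it is absent or ADS is unsupported."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read(4096)  # cap the read: the stream content is untrusted
    except OSError:
        return None

def host_matches(url, domain):
    """True if the URL's host is domain or a subdomain of it (no substring match)."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return host == domain or host.endswith("." + domain)

def summarize(text, domain="mozilla.org"):
    """Collect the listed data points from stream text (None means no stream)."""
    fields, in_section = {}, False
    for line in (text or "").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            fields.setdefault(key.strip().lower(), value.strip())  # first value wins
    zone = fields.get("zoneid", "")
    referrer, host = fields.get("referrerurl"), fields.get("hosturl")
    return {
        "has_stream": text is not None,
        "zone_id": int(zone) if zone.isdecimal() else None,
        "has_referrer_url": referrer is not None,
        "has_host_url": host is not None,
        "referrer_is_known": bool(referrer) and host_matches(referrer, domain),
        "host_is_known": bool(host) and host_matches(host, domain),
    }
```

On Windows with NTFS, `summarize(read_stream(path_to_installer))` produces the same dictionary for a real download; on file systems without alternate data streams `read_stream` returns `None`.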
Comment 1•2 years ago
I'd like to choose a new name for this idea, since it's different than how our existing attribution systems work. I suggest "client-side provenance", but I'm happy for Robin to have the final choice.
The point is that this augments our existing attribution system: it's entirely possible to see installers that are attributed from mozilla.org but have client-side provenance from a third-party site like cnet.com. We shouldn't trust the client-side provenance over the binary attribution -- or at least, not yet :)
Robin, if you prefer a different name, counter with it? And maybe update the ticket title? Thanks!
Comment 2•2 years ago (Assignee)
(In reply to Nick Alexander :nalexander [he/him] from comment #1)
> The point is that this augments our existing attribution system
Ah, good point.
> Robin, if you prefer a different name, counter with it? And maybe update the ticket title? Thanks!
No, I think this name is fine.
Comment 3•2 years ago (Assignee)
This patch was heavily inspired by the existing 7z customizations that read the download token into the "postSigningData" file. In both cases, the installation self-extractor copies some data into the same temporary directory where the installer is written. It will then be up to the NSIS installer to copy that file into the installation directory (that work will be done later in this stack).
This patch also includes changes to some files that were regenerated based on the code changes made.
- mozilla_customizations.diff was updated so that it still reflects all Mozilla-made code changes to 7z.
- The 7zSD.ARM64.sfx and 7zSD.Win32.sfx executables were re-built from the new code.
- SFXSetup.vcxproj was updated to use newer toolchains.
Depends on D171108
Comment 4•2 years ago
Comment on attachment 9320056 [details]
Bug 1814968 - Customize 7z to write provenance data r=nalexander!
Revision D171109 was moved to bug 1815019. Setting attachment 9320056 [details] to obsolete.
Comment 5•2 years ago
There may be some follow-up based on the data we get but we will file a new meta to track that work. Closing this as done. Thanks all.