The backend doesn't support changing the local list data provider. To support that we would need to do the following:

1) Change the hard coded value in browser/components/safebrowsing/content/globalstore.js to change with data provider changes.
2) Determine a way to get blacklist/whitelist table names. This is currently a list hard coded in browser/components/safebrowsing/content/sb-loader.js. We could either:
   a) move to a pref, or
   b) add it to the update URL protocol.

The benefit of (b) would be that providers can add/remove tables without requiring a client change.
This looks like an enhancement more than a bug. Changing; feel free to change back.
Severity: normal → enhancement
http://en.wikipedia.org/wiki/Mozilla_Firefox#Relationship_with_Google links to this bug report: "The user cannot change the data provider within the GUI, and is not informed who the default data provider is."
How should the UI for this work? Should Firefox ship with a predefined list of phishing/malware site list providers, like we do for search engines? For ones that aren't on the list, should there be a way for users to add them? I imagine we could get one or more of McAfee SiteAdvisor, Netcraft, or GeoTrust to provide their data in the correct format if we offered to add them as options.
(In reply to comment #3)
> I imagine we could get one or more of McAfee SiteAdvisor, Netcraft, or GeoTrust
> to provide their data in the correct format if we offered to add them as
> options.

You'd imagine incorrectly. We've asked and extended offers to all of those companies, and been rebuffed. This doesn't block, but is wanted. The best way to do it, I'd imagine, would be to allow alternative providers to register themselves similar to how feed readers and other web apps do, providing the endpoints for the Safe Browsing protocol. The UI would be a drop-down of available providers in the prefPane. If we don't get it for Firefox 3, alternative providers can still support themselves by creating an add-on.
Is this really wanted? I think I can work on it, however I'd like to know beforehand whether or not the patches will be accepted -- I have bad experiences in creating patches in bugs related to "safebrowsing" (my patches in bugs that were seemingly open for contributions were rejected -- for examples, see bug 430741 and bug 368255).
(In reply to comment #6)
> Is this really wanted? I think I can work on it, however I'd like to know
> beforehand whether or not the patches will be accepted -- I have bad
> experiences in creating patches in bugs related to "safebrowsing" (my
> patches in bugs that were seemingly open for contributions were rejected --
> for examples, see bug 430741 and bug 368255).

I haven't seen much merit for it. This specific bug deals with switching providers (which can be done) and changing whitelist/blacklist table names. The table names change is kind of trivial (AIUI, change the regex in browser.js when determining how to handle a response) but I have not seen cases of SB data providers that do not use the "-malware"/"-phishing" format. The larger problem is switching data providers to one which does not follow the SB protocol. I would say that this is not currently wanted in main Firefox but could potentially be merged in. (It's too hard to say without a trial run.) Perhaps trying something like this as an extension and seeing what the community response/pick-up is would be useful?
If someone doesn't want the Google SafeBrowsing service, it can be turned off. An extension should be able to provide this kind of protection without need for us to add such code to Firefox.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit