Closed Bug 346242 Opened 18 years ago Closed 18 years ago

final URLs for report phishing location

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Version:
2.0 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 2 beta2

People

(Reporter: beltzner, Assigned: beltzner)

References

Details

(Keywords: fixed1.8.1, late-l10n)

Attachments

(2 files)

Google/Firefox Safe Browsing page mockup
57.87 KB, image/png
Details
updates safe browsing report URIs
1.69 KB, patch
tony
: review+
mconnor
: approval1.8.1+
Details | Diff | Splinter Review 
Bug 344063 was a temporary solution for Firefox2 beta1 and beta2 (as well as trunk versions). Now we move on to the real deal for the final product.

Coming soon: requirements as agreed to with google!
Flags: blocking-firefox2?
OK, here's where we sit. After sifting through the various agreements and concerns, we're going to develop this page as:

 - a single page that will be loaded when the user clicks "Report Phishing Website..." in the Help menu and/or the warning bubble

 - the form on the page will be populated with the reported phishing site as a URL parameter and pre-populate the form

 - the reporting URLs will be in the mozilla.com domain and we'll cname over to Google 

 - as with Firefox Start, Mozilla will work with Google so there are blocks of Mozilla and Google content, and the visual identity will fit with the Firefox user experience

 - the parameters to be passed in the URI are: locale, site being reported, continue page and client identifier

Suggested URI naming scheme:

 http://www.mozilla.com/phishing-protection/{report-type}/hl={locale}&url={url}&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html&client=navclient-auto-ffox2

This is a blocker for Firefox2's final release, but not for beta2.
Flags: blocking-firefox2? → blocking-firefox2+
Target Milestone: Firefox 2 beta2 → Firefox 2
This all sounds great to me. We should get the page mocked up. Would you prefer to do that or should I? I think Mozilla may care about the branding a bit more than Google so you may want to take the first pass.  Also, there is a thank you page after submission that we'll probably want to tweak to be consistent with the submission page. The URL for that appears as the continue parameter in the URL below so we'll want to tweak that parameter so we don't use the generic Google thank you page. Also, we'll need to localize all the text so it would be great to get that finalized in the next week or so.

> Suggested URI naming scheme:
> http://www.mozilla.com/phishing-protection/{report-type}/hl={locale}&url={url}&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html&client=navclient-auto-ffox2

Maybe ...&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fffox2_submit_success.html
Do we actually need the continue URL parameter or can we always redirect to the same "thank you" page?  i.e., can we use a hidden input field instead?  This would make the URL be:

http://www.mozilla.com/phishing-protection/{report-type}/?hl={locale}&url={url}

which seems much simpler.

Steven,
Per our discussion last week, the plan is to point to a co-branded page at Google for report a phishing functionality, similar to the start page at http://www.google.com/firefox. 

Firefox branding elements need to complement the reporting form, which looks like this:
http://www.google.com/safebrowsing/report_general/

Brian, do you have logo or page considerations/requirements?  


(In reply to comment #4)
> Brian, do you have logo or page considerations/requirements?  

We don't have any guidelines. It should be clear that the data is going to Google and we'd need a link to our Privacy policy. Otherwise, the best way to go is to come up with something we all like and then I'll get it rubber stamped.
Blocks: 346710
Blocks: 346711
Blocks: 346712
Blocks: 346717
Blocks: 346715, 346716, 346718
Blocks: 346719
Clean-up the mess from earlier today.
No longer blocks: 346711, 346712, 346715, 346716, 346717, 346718, 346719
I've created a mockup of a version of this page that incorporates some of the Firefox visual style while (hopefully) still retaining the Google image as well.

I took inspiration from the new "Server Not Found" page in Firefox (try any bad URL in Firefox to see it, like this one: http://www.asdf555555.com/). That said, I  don't think we want to make this look *too* much like it's "built in" to Firefox, since it does sent the info to another corporation.

The Google logo is still quite prominent, and the text can really knock people over the head with the message that they are submitting to Google. In fact, I think the more challenging task here will be re-writing the paragraph for this page that explains what the page is and what Google has to do with it.

Feedback please (particularly from the people at Google and Mozilla who can speak for what each organization requires from this page). Thanks.
(In reply to comment #3)
> Do we actually need the continue URL parameter or can we always redirect to 

Nope; I was following the existing parameter there, I'm totally fine using a hidden input field instead.

(In reply to comment #7)
> I've created a mockup of a version of this page that incorporates some of the
> Firefox visual style while (hopefully) still retaining the Google image as
> well.

Shiny! I actually like the fact that this looks like one of our existing pages, but wonder if we don't want to blur that line too much. I'll think about that, but would like to get Brian's or Sherman's input on that, too.

Other things I noticed:

 - page should be titled "Report a Suspected Web Forgery"
 - we're calling the feature "Anti-Phishing", not "Safe Browsing"

> over the head with the message that they are submitting to Google. In fact, I
> think the more challenging task here will be re-writing the paragraph for this
> page that explains what the page is and what Google has to do with it.

I agree. First pass:

Thank you for helping us keep the web safe from [phishing][1] sites. The information you submit below will be sent to Google's Safe Browsing team and will be used to improve the Anti Phishing protection for all Firefox and Google Toolbar users. Your personal information will not be sent in accordance with Google's [privacy policy][2]. [Learn more][3] about Firefox Anti Phishing.

{web form}

[1]: link to "what is phishing" page?
[2]: link to Google's privacy policy
[3]: link to Firefox Anti-Phishing FAQ
> Shiny! I actually like the fact that this looks like one of our existing pages,
> but wonder if we don't want to blur that line too much. I'll think about that,
> but would like to get Brian's or Sherman's input on that, too.

I'll let you decide how much you'd like the page to look like a Moz page. No extra requirements here.

One thing I noticed that was missing from the mockup is the CAPTCHA as in: http://www.google.com/safebrowsing/report_error/?continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Ftoolbar%2FFT2%2Fintl%2Fen%2Fsubmit_success.html&hl=en&url=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Ftoolbar%2FFT2%2Fintl%2Fen%2Fphish-o-rama.html

Also, Google currently uses two separate pages:
1. Report a phishing page
2. Report an error (false positive)

It may be clearer to link to each of those rather than use the page with the radio buttons. This would allow us to use a clearer textual description. It would be nice to link one page to the other so users who end up at the wrong page can get to the right one.

> First pass:
> 
> Thank you for helping us keep the web safe from [phishing][1] sites. The
> information you submit below will be sent to Google's Safe Browsing team and
> will be used to improve the Anti Phishing protection for all Firefox and 
> Google Toolbar users. 

I'd rather not spell out exactly where this data will be used because we'll probably end up using it lots of places. Also, doesn't "Anti Phishing protection" mean protection from anti-phishing? I understand that there's another way to parse that but phishing protection seems clearer.

> Your personal information will not be sent 
This seems a little confusing and negative. Can we say something positive like "Your report is anonymous..."

> in accordance with
> Google's [privacy policy][2]. [Learn more][3] about Firefox Anti Phishing.
> 
> {web form}
> 
> [1]: link to "what is phishing" page?
> [2]: link to Google's privacy policy
> [3]: link to Firefox Anti-Phishing FAQ
> 


I think we settled on "Phishing Protection" as the name of the feature.

Looks good.  Another thing to think about is how the design will transfer once we bring additional providers on board.  

Another approach could be to shoot for something similar to how the start page works conceptually (perhaps with a freshened up look?), with a Firefox banner/box and a Google branded form within.  That way, the provider logo is more closely aligned to the form.

Based upon the feedback from Beltzner and Brian, how about this for text:

Send an Unsafe Page Report to Google
Thank you for helping us keep the web safe from [phishing][1] sites. The information you submit below will be sent to Google and will be used to improve the Phishing Protection feature. Your report will be anonymous and in accordance with Google's [privacy policy][2].

If you believe the Phishing Protection feature is warning users of misleading activity on what is actually a safe page, please [report the incorrect forgery alert][4].

[Learn more][3] about Firefox Phishing Protection.

{web form}

[1]: link to "what is phishing" page?
[2]: link to Google's privacy policy
[3]: link to Firefox Phishing Protection FAQ
[4]: link to Google's Report an Incorrect Forgery Alert page

 	

Report an Incorrect Forgery Alert to Google
If you believe the Phishing Protection feature is warning users of misleading activity on what is actually a safe page, please complete the form below to report the error to Google. Your report will be anonymous and in accordance with Google's [privacy policy][2].

[Learn more][3] about Firefox Phishing Protection.

{web form}

[1]: link to "what is phishing" page?
[2]: link to Google's privacy policy
[3]: link to Firefox Phishing Protection FAQ


(In reply to comment #11)

Thanks for the text, Sherman.  A few ideas inline...

> Send an Unsafe Page Report to Google

I'm slightly nervous about using the phrasing "unsafe page." Why not use phishing here since we use it later in the page and since we want people who know what they're doing reporting pages. Not a huge deal though.

> Thank you for helping us keep the web safe from [phishing][1] sites. The
> information you submit below will be sent to Google and will be used to >improve
> the Phishing Protection feature. Your report will be anonymous and in

Should we remove "and"? Seems a little awkward as is.

> accordance with Google's [privacy policy][2].
> 
> If you believe the Phishing Protection feature is warning users of misleading

Should "Phishing Protection" have be capitalized?

> activity on what is actually a safe page, please [report the incorrect forgery
> alert][4].
> 
> [Learn more][3] about Firefox Phishing Protection.

Same questions/suggestions apply to the Report Incorrect alert page...
(In reply to comment #12)
> Should we remove "and"? Seems a little awkward as is.

"Your report will be anonymous in accordance with Google's [privacy policy][2]."

Yes, I agree. This sounds much better. :)
Tony, this patch uses the new format for the reporting URLs. Here's the scoop:

 - they use the new locale schema as described in bug 347944 comment 2
 - mozilla.com will CNAME redirect these to whatever URL these pages end up being
 - I kept the hl?={moz:locale} so that we can pass that parameter along as well
Attachment #233963 - Flags: review?(tony)
--> beta2, since the URI update needs to be in for beta, and we should get the redirecting in place for when the beta hits the street; even if that redirect just goes to our current crappy mozilla.org pages for now.
Target Milestone: Firefox 2 → Firefox 2 beta2
(Phil, Axel, Chris: see comment 3, and comment 14)
Keywords: late-l10n
Attachment #233963 - Flags: review?(tony) → review+
Comment on attachment 233963 [details] [diff] [review]
updates safe browsing report URIs

Drivers: this is a change to some preferences that is being made to follow our new l10n URI scheme; in this specific case, we're using the scheme for the domain name, and then using Google's localization format for the rest of the URI.
Attachment #233963 - Flags: approval1.8.1?
Attachment #233963 - Flags: approval1.8.1? → approval1.8.1+
Whiteboard: [checkin needed][checkin needed (1.8 branch)]
Assignee: nobody → beltzner
mozilla/browser/app/profile/firefox.js 	1.71.2.63
mozilla/browser/app/profile/firefox.js 	1.142
Status: NEW → RESOLVED
Closed: 18 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
Whiteboard: [checkin needed][checkin needed (1.8 branch)]
Filed follow up bug 348878 to create the redirects; bug 346710 will create the pages themselves that Google will end up hosting.
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: