Closed
Bug 346242
Opened 18 years ago
Closed 18 years ago
final URLs for report phishing location
Categories
(Toolkit :: Safe Browsing, defect)
Tracking
()
RESOLVED
FIXED
Firefox 2 beta2
People
(Reporter: beltzner, Assigned: beltzner)
References
Details
(Keywords: fixed1.8.1, late-l10n)
Attachments
(2 files)
57.87 KB,
image/png
|
Details | |
1.69 KB,
patch
|
tony
:
review+
mconnor
:
approval1.8.1+
|
Details | Diff | Splinter Review |
Bug 344063 was a temporary solution for Firefox2 beta1 and beta2 (as well as trunk versions). Now we move on to the real deal for the final product. Coming soon: requirements as agreed to with google!
Updated•18 years ago
|
Flags: blocking-firefox2?
Assignee | ||
Comment 1•18 years ago
|
||
OK, here's where we sit. After sifting through the various agreements and concerns, we're going to develop this page as: - a single page that will be loaded when the user clicks "Report Phishing Website..." in the Help menu and/or the warning bubble - the form on the page will be populated with the reported phishing site as a URL parameter and pre-populate the form - the reporting URLs will be in the mozilla.com domain and we'll cname over to Google - as with Firefox Start, Mozilla will work with Google so there are blocks of Mozilla and Google content, and the visual identity will fit with the Firefox user experience - the parameters to be passed in the URI are: locale, site being reported, continue page and client identifier Suggested URI naming scheme: http://www.mozilla.com/phishing-protection/{report-type}/hl={locale}&url={url}&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html&client=navclient-auto-ffox2 This is a blocker for Firefox2's final release, but not for beta2.
Flags: blocking-firefox2? → blocking-firefox2+
Target Milestone: Firefox 2 beta2 → Firefox 2
Comment 2•18 years ago
|
||
This all sounds great to me. We should get the page mocked up. Would you prefer to do that or should I? I think Mozilla may care about the branding a bit more than Google so you may want to take the first pass. Also, there is a thank you page after submission that we'll probably want to tweak to be consistent with the submission page. The URL for that appears as the continue parameter in the URL below so we'll want to tweak that parameter so we don't use the generic Google thank you page. Also, we'll need to localize all the text so it would be great to get that finalized in the next week or so.
> Suggested URI naming scheme:
> http://www.mozilla.com/phishing-protection/{report-type}/hl={locale}&url={url}&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fsubmit_success.html&client=navclient-auto-ffox2
Maybe ...&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Fsafebrowsing%2Fffox2_submit_success.html
Comment 3•18 years ago
|
||
Do we actually need the continue URL parameter or can we always redirect to the same "thank you" page? i.e., can we use a hidden input field instead? This would make the URL be: http://www.mozilla.com/phishing-protection/{report-type}/?hl={locale}&url={url} which seems much simpler.
Comment 4•18 years ago
|
||
Steven, Per our discussion last week, the plan is to point to a co-branded page at Google for report a phishing functionality, similar to the start page at http://www.google.com/firefox. Firefox branding elements need to complement the reporting form, which looks like this: http://www.google.com/safebrowsing/report_general/ Brian, do you have logo or page considerations/requirements?
Comment 5•18 years ago
|
||
(In reply to comment #4) > Brian, do you have logo or page considerations/requirements? We don't have any guidelines. It should be clear that the data is going to Google and we'd need a link to our Privacy policy. Otherwise, the best way to go is to come up with something we all like and then I'll get it rubber stamped.
Updated•18 years ago
|
Comment 6•18 years ago
|
||
Clean-up the mess from earlier today.
Comment 7•18 years ago
|
||
I've created a mockup of a version of this page that incorporates some of the Firefox visual style while (hopefully) still retaining the Google image as well. I took inspiration from the new "Server Not Found" page in Firefox (try any bad URL in Firefox to see it, like this one: http://www.asdf555555.com/). That said, I don't think we want to make this look *too* much like it's "built in" to Firefox, since it does sent the info to another corporation. The Google logo is still quite prominent, and the text can really knock people over the head with the message that they are submitting to Google. In fact, I think the more challenging task here will be re-writing the paragraph for this page that explains what the page is and what Google has to do with it. Feedback please (particularly from the people at Google and Mozilla who can speak for what each organization requires from this page). Thanks.
Assignee | ||
Comment 8•18 years ago
|
||
(In reply to comment #3) > Do we actually need the continue URL parameter or can we always redirect to Nope; I was following the existing parameter there, I'm totally fine using a hidden input field instead. (In reply to comment #7) > I've created a mockup of a version of this page that incorporates some of the > Firefox visual style while (hopefully) still retaining the Google image as > well. Shiny! I actually like the fact that this looks like one of our existing pages, but wonder if we don't want to blur that line too much. I'll think about that, but would like to get Brian's or Sherman's input on that, too. Other things I noticed: - page should be titled "Report a Suspected Web Forgery" - we're calling the feature "Anti-Phishing", not "Safe Browsing" > over the head with the message that they are submitting to Google. In fact, I > think the more challenging task here will be re-writing the paragraph for this > page that explains what the page is and what Google has to do with it. I agree. First pass: Thank you for helping us keep the web safe from [phishing][1] sites. The information you submit below will be sent to Google's Safe Browsing team and will be used to improve the Anti Phishing protection for all Firefox and Google Toolbar users. Your personal information will not be sent in accordance with Google's [privacy policy][2]. [Learn more][3] about Firefox Anti Phishing. {web form} [1]: link to "what is phishing" page? [2]: link to Google's privacy policy [3]: link to Firefox Anti-Phishing FAQ
Comment 9•18 years ago
|
||
> Shiny! I actually like the fact that this looks like one of our existing pages, > but wonder if we don't want to blur that line too much. I'll think about that, > but would like to get Brian's or Sherman's input on that, too. I'll let you decide how much you'd like the page to look like a Moz page. No extra requirements here. One thing I noticed that was missing from the mockup is the CAPTCHA as in: http://www.google.com/safebrowsing/report_error/?continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Ftoolbar%2FFT2%2Fintl%2Fen%2Fsubmit_success.html&hl=en&url=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Ftoolbar%2FFT2%2Fintl%2Fen%2Fphish-o-rama.html Also, Google currently uses two separate pages: 1. Report a phishing page 2. Report an error (false positive) It may be clearer to link to each of those rather than use the page with the radio buttons. This would allow us to use a clearer textual description. It would be nice to link one page to the other so users who end up at the wrong page can get to the right one. > First pass: > > Thank you for helping us keep the web safe from [phishing][1] sites. The > information you submit below will be sent to Google's Safe Browsing team and > will be used to improve the Anti Phishing protection for all Firefox and > Google Toolbar users. I'd rather not spell out exactly where this data will be used because we'll probably end up using it lots of places. Also, doesn't "Anti Phishing protection" mean protection from anti-phishing? I understand that there's another way to parse that but phishing protection seems clearer. > Your personal information will not be sent This seems a little confusing and negative. Can we say something positive like "Your report is anonymous..." > in accordance with > Google's [privacy policy][2]. [Learn more][3] about Firefox Anti Phishing. > > {web form} > > [1]: link to "what is phishing" page? > [2]: link to Google's privacy policy > [3]: link to Firefox Anti-Phishing FAQ >
Comment 10•18 years ago
|
||
I think we settled on "Phishing Protection" as the name of the feature.
Comment 11•18 years ago
|
||
Looks good. Another thing to think about is how the design will transfer once we bring additional providers on board. Another approach could be to shoot for something similar to how the start page works conceptually (perhaps with a freshened up look?), with a Firefox banner/box and a Google branded form within. That way, the provider logo is more closely aligned to the form. Based upon the feedback from Beltzner and Brian, how about this for text: Send an Unsafe Page Report to Google Thank you for helping us keep the web safe from [phishing][1] sites. The information you submit below will be sent to Google and will be used to improve the Phishing Protection feature. Your report will be anonymous and in accordance with Google's [privacy policy][2]. If you believe the Phishing Protection feature is warning users of misleading activity on what is actually a safe page, please [report the incorrect forgery alert][4]. [Learn more][3] about Firefox Phishing Protection. {web form} [1]: link to "what is phishing" page? [2]: link to Google's privacy policy [3]: link to Firefox Phishing Protection FAQ [4]: link to Google's Report an Incorrect Forgery Alert page Report an Incorrect Forgery Alert to Google If you believe the Phishing Protection feature is warning users of misleading activity on what is actually a safe page, please complete the form below to report the error to Google. Your report will be anonymous and in accordance with Google's [privacy policy][2]. [Learn more][3] about Firefox Phishing Protection. {web form} [1]: link to "what is phishing" page? [2]: link to Google's privacy policy [3]: link to Firefox Phishing Protection FAQ
Comment 12•18 years ago
|
||
(In reply to comment #11) Thanks for the text, Sherman. A few ideas inline... > Send an Unsafe Page Report to Google I'm slightly nervous about using the phrasing "unsafe page." Why not use phishing here since we use it later in the page and since we want people who know what they're doing reporting pages. Not a huge deal though. > Thank you for helping us keep the web safe from [phishing][1] sites. The > information you submit below will be sent to Google and will be used to >improve > the Phishing Protection feature. Your report will be anonymous and in Should we remove "and"? Seems a little awkward as is. > accordance with Google's [privacy policy][2]. > > If you believe the Phishing Protection feature is warning users of misleading Should "Phishing Protection" have be capitalized? > activity on what is actually a safe page, please [report the incorrect forgery > alert][4]. > > [Learn more][3] about Firefox Phishing Protection. Same questions/suggestions apply to the Report Incorrect alert page...
Comment 13•18 years ago
|
||
(In reply to comment #12) > Should we remove "and"? Seems a little awkward as is. "Your report will be anonymous in accordance with Google's [privacy policy][2]." Yes, I agree. This sounds much better. :)
Assignee | ||
Comment 14•18 years ago
|
||
Tony, this patch uses the new format for the reporting URLs. Here's the scoop: - they use the new locale schema as described in bug 347944 comment 2 - mozilla.com will CNAME redirect these to whatever URL these pages end up being - I kept the hl?={moz:locale} so that we can pass that parameter along as well
Attachment #233963 -
Flags: review?(tony)
Assignee | ||
Comment 15•18 years ago
|
||
--> beta2, since the URI update needs to be in for beta, and we should get the redirecting in place for when the beta hits the street; even if that redirect just goes to our current crappy mozilla.org pages for now.
Target Milestone: Firefox 2 → Firefox 2 beta2
Assignee | ||
Comment 16•18 years ago
|
||
(Phil, Axel, Chris: see comment 3, and comment 14)
Keywords: late-l10n
Updated•18 years ago
|
Attachment #233963 -
Flags: review?(tony) → review+
Assignee | ||
Comment 17•18 years ago
|
||
Comment on attachment 233963 [details] [diff] [review] updates safe browsing report URIs Drivers: this is a change to some preferences that is being made to follow our new l10n URI scheme; in this specific case, we're using the scheme for the domain name, and then using Google's localization format for the rest of the URI.
Attachment #233963 -
Flags: approval1.8.1?
Updated•18 years ago
|
Attachment #233963 -
Flags: approval1.8.1? → approval1.8.1+
Assignee | ||
Updated•18 years ago
|
Whiteboard: [checkin needed][checkin needed (1.8 branch)]
Updated•18 years ago
|
Assignee: nobody → beltzner
Comment 18•18 years ago
|
||
mozilla/browser/app/profile/firefox.js 1.71.2.63 mozilla/browser/app/profile/firefox.js 1.142
Status: NEW → RESOLVED
Closed: 18 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
Whiteboard: [checkin needed][checkin needed (1.8 branch)]
Assignee | ||
Comment 19•18 years ago
|
||
Filed follow up bug 348878 to create the redirects; bug 346710 will create the pages themselves that Google will end up hosting.
Updated•10 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•