Closed Bug 436968 Opened 17 years ago Closed 16 years ago

Expose safe browsing preferences in UI (and turn it on)

Categories

(Camino Graveyard :: Preferences, defect)

Product:
Camino Graveyard
Component:
Preferences
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Camino2.0

People

(Reporter: murph, Assigned: murph)

References

Details

(Whiteboard: l10n [camino-2.0])

Attachments

(5 files, 4 obsolete files)

Safari pref UI
120.99 KB, image/png
Details
Safari pref UI (sb enabled)
79.51 KB, image/png
Details
Turn safe browsing prefs back on
1.60 KB, patch
stuart.morgan+bugzilla
: superreview+
Details | Diff | Splinter Review
Patch, for Check-In
4.07 KB, patch
Details | Diff | Splinter Review
Security.nib (v3)
16.87 KB, application/zip
stuart.morgan+bugzilla
: superreview+
Details
We will need to expose preferences for safe browsing. "browser.safebrowsing.enabled" controls the the enabled status for safe browsing as a whole, and also phishing protection. "browser.safebrowsing.malware.enabled" will also enable malware checking, but only if the phishing/general protection preference above is enabled.
Sean noted later in bug 358299 that the two prefs were actually independent. Our current thinking in the channel is that we should just expose a single pref [ ] Protect me from bad sites and have it support NSMixedState properly for those who may want to do one or the other.
This needs to block b2. Are there any other UI requirements (from Google) related to this pref? Safari has an update/disabled message along with its pref.
Flags: camino2.0b2+
Whiteboard: l10n
Target Milestone: --- → Camino2.0
(In reply to comment #2) > This needs to block b2. > > Are there any other UI requirements (from Google) related to this pref? Safari > has an update/disabled message along with its pref. I think we just have to be certain to always use legal-speak, using vocabulary that indicates we block "suspected" phishing/malware sites (See the last sentence, below). Google's Requirements: "If you use the Google Safe Browsing API to warn users about risks from particular webpages, we require that you follow certain guidelines. These guidelines help protect both you and Google from misunderstandings by making clear that the page is not known with 100% certainty to be a phishing site or a distributor of malware, and that the warnings merely identify possible risk. * In your end-user visible warning, you may not lead users to believe that the page in question is, without a doubt, a phishing page or a page that distributes malware. When you refer to the page being identified or the potential risks it may pose to users, you must qualify the warning using terms such as: suspected, potentially, possible, likely, may be. " Safari doesn't use any of those qualifying terms in it's UI, but we might want to remain on Google's good side, since we finally have been allowed to use the data ;).
Attached patch Patch (obsolete) — Splinter Review
Adds safe browsing pref to the Security pane...
Assignee: nobody → murph
Attachment #362908 - Flags: review?(stuart.morgan+bugzilla)
Attached file Nib (obsolete) —
Attached image Screenshot of Patch v1 (obsolete) —
If anyone has any other suggestions or ideas for the actual phrasing of the UI, feel free to offer it :).
I think we need the word "possibly" or "potentially" in there somewhere to qualify it (per Google). Not sure that will all fit on one line, though, unless we want to go with an all-encompassing descriptor like "malicious" or "dangerous" for these sort of sites in place of "fraudulent or harmful". cl
Attachment #362908 - Flags: superreview?(mikepinkerton)
Attachment #362908 - Flags: review?(stuart.morgan+bugzilla)
Attachment #362908 - Flags: review+
Comment on attachment 362908 [details] [diff] [review] Patch r=me on the code. I agree that the wording will need some qualification.
Comment on attachment 362909 [details] Nib Could you give this a behavioral run-through (including the patented Smokey Key Loop Special)?
Attachment #362909 - Flags: review?(alqahira)
Why not put this in the "Show a warning when..." section of checkboxes? It seems like this is just another warning like the others.
Attachment #362908 - Flags: superreview?(mikepinkerton) → superreview+
(In reply to comment #12) > Why not put this in the "Show a warning when..." section of checkboxes? It > seems like this is just another warning like the others. It's not just another warning like the others; 1) it's not a sheet UI-wise, and 2) we don't know that the conditions for the other two warnings are for certain harmful (e.g., following a link from Bugzilla to http://caminobrowser.org/ or some other site will trigger the https->http warning, and that is not necessarily a dangerous situation), whereas these sites are pretty much assured to be harmful 99.9% of the time. Also, 3) Safari and Firefox both have their pref separate from (and superior to) the other warning prefs. (When those two agree on something it's certainly still possible they are both be doing something stupid, but the odds are tilted towards the behavior being good and helpful.)
Comment on attachment 362909 [details] Nib 3 things: 1) Top margin is 22px; it should be 20px per our guidelines. 2) "Moving from a secure…" is still the first responder; the new pref should be the first responder. 3) Min height of the window is still the old window height; it should be set to whatever the correct current window height ends up being. r- Before you respin this, we should determine what we want the text to be (and if we should show the "safebrowsing unavailable" message in the prefs, like Safari, or somewhere that users will actually see it and know they're not protected). Also, I don't think we should check this in until right before we know we'll be allowed to pull data from the server; we shouldn't expose UI for features that don't work and which we don't know when they might start working, even in nightlies.
Attachment #362909 - Flags: review?(alqahira) → review-
As for the text, I think we could go with something like Dangerous sites: [X] Warn me when visiting potentially malicious sites Camino can identify and show a warning for sites that may attempt to steal your personal information or install harmful software on your computer. You should avoid visiting sites that have been identified as potentially dangerous. This is just a brain dump of my thoughts while making hot chocolate…the hint text obviously needs more work. If we need more space, I think we can probably move the "potentially"-type stuff so that it's only in the hint text. The new wording also eliminates one of the two personal pronouns. We'll also need to produce a localization note for this, so that localizers know they need to keep the "potential"-type qualification language.
Since I don't think we should land the pref UI until we feel the feature UI is shippable, this bug is also the "right" place to flip the prefs back to "true". This patch does that, when we're ready.
If we don't get to it before this bug, we also need to point browser.safebrowsing.warning.infoURL at http://caminobrowser.org/documentation/security/#phishing
...or wherever it ends up in bug 451092, but that URL is my current plan.
Same as the initial patch, but refreshed to apply to the current source. Ready to be checked in, having passed sr above.
Attachment #362908 - Attachment is obsolete: true
Attached file Security.nib (v2) (obsolete) —
Nib updated with Smokey's comments, and changed the text to what he mentioned in comment 16, I thought that was excellent. Thanks for noticing all of those aspects! The 22 px top margin was because I was measuring with both the label and checkbox selected. So, all measurements, and the key view loop, has been addressed. Note: IB 3.x on Leopard used, just in case we need to open and re-save on Tiger. Being that it's a nib that's loaded on demand, I'm thinking this is not needed though.
Attachment #362909 - Attachment is obsolete: true
Attachment #362910 - Attachment is obsolete: true
Attachment #389155 - Flags: review?(alqahira)
Attachment #389155 - Flags: superreview?(stuart.morgan+bugzilla)
Attachment #389155 - Flags: review?(alqahira)
Attachment #389155 - Flags: review+
Comment on attachment 389155 [details] Security.nib (v2) r=me, with the caveats that 1) smorgan approve the text in comment 15 2) we fix the window's min width/height on checkin
Comment 16 doesn't seem to meet the 'Notice to Users About Phishing and Malware Protection' requirement; specifically, there's no indication that it may have false negatives (sites that are bad but we don't warn about). In fact "Camino can identify" sort of implies the opposite. How about: Camino can try to warn you about sites that may attempt to steal your personal information or install harmful software on your computer. You should avoid visiting sites that have been identified as potentially dangerous, but be aware that some dangerous sites may not be identified.
The first sentence sounds like it has almost-redundant qualifiers in it, and it reads very awkwardly to me. "Can try" also makes me think that the feature as a whole may not work at all, instead of "it works well, but there are no guarantees that it will catch every single bad site and only those sites". I'd prefer if we kept false positives ("may attempt") in the first sentence and let the second sentence cover the false negatives ("but be aware that some dangerous sites may not be identified"), instead of trying to cover both false positives and false negatives in the first sentence (and false negatives again in the second).
Works for me.
Attached file Security.nib (v3)
Sean's nib v2 with my nit fixed and the new hint text based on the recent comments: Camino can warn you about sites that may attempt to steal your personal information or install harmful software on your computer. You should avoid visiting sites that have been identified as potentially dangerous, but be aware that some dangerous sites may not be identified.
Attachment #389155 - Attachment is obsolete: true
Attachment #389342 - Flags: superreview?(stuart.morgan+bugzilla)
Attachment #389155 - Flags: superreview?(stuart.morgan+bugzilla)
Attachment #389342 - Flags: superreview?(stuart.morgan+bugzilla) → superreview+
Comment on attachment 389342 [details] Security.nib (v3) sr=smorgan
Summary: Expose safe browsing preferences in UI → Expose safe browsing preferences in UI (and turn it on)
Comment on attachment 363741 [details] [diff] [review] Turn safe browsing prefs back on Just dotting the 'i's and whatnot.
Attachment #363741 - Flags: superreview?(stuart.morgan+bugzilla)
Attachment #363741 - Flags: superreview?(stuart.morgan+bugzilla) → superreview+
Comment on attachment 363741 [details] [diff] [review] Turn safe browsing prefs back on Ship it!
Shipped! (on CAMINO_2_0_BRANCH and cvs trunk) Thanks, everyone!
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: l10n → l10n [camino-2.0]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: