The Safe Browsing service we rely on for protection against malware and deceptive sites is migrating to a new version of the Safe Browsing protocol. Version 4 will enable Google to quickly send the most relevant list entries to clients (based on platform and locale for example) as well as deal with false positives in a more efficient way.
Meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1167038 Implementation plan: https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation Link to specification: https://developers.google.com/safe-browsing/v4/update-api Platform coverage: Desktop and Android Estimated or target release: We'll be rolling it out slowly in the pre-release channels and monitoring it closely via Telemetry before we switch over. We intend to have the existing V2 code running in parallel with the V4 code for a little while. Google has agreed to run the old servers until we have released an ESR which uses the version 4 servers (most likely ESR 59). Preference behind which this will be implemented: urlclassifier.phishTable and urlclassifier.malwareTable https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation#Notes Do other browser engines implement this? Chromium is working on it. They have landed large parts of it, but it hasn't shipped to users yet. Tests: Our existing tests for version 2 of the protocol will be extended to support version 4 too. We are also adding V4-specific tests. https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/url-classifier/tests https://hg.mozilla.org/mozilla-central/file/tip/testing/firefox-ui/tests/functional/security https://hg.mozilla.org/mozilla-central/file/tip/browser/components/safebrowsing/content/test + manual smoke tests Security and Privacy concerns: The privacy characteristics of the new protocol are essentially the same as the old protocol. https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_what-information-is-sent-to-mozilla-or-its-partners-when-phishing-and-malware-protection-are-enabled For more information about Safe Browsing, see the wiki: https://wiki.mozilla.org/Security/Safe_Browsing _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
