"Application Reputation" checking is a separate system from Safe Browsing that shares some of the same characteristics but also behaves differently in some cases.
The blog post you mention describes a scenario where "download metadata" (described in more detail at https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc#High-level_overview) is sent to Google servers if certain conditions are met, and those conditions are different than the conditions required for sending a safe browsing lookup request.

For download metadata to be sent to Google, my understanding of the conditions that must be satisfied are:

- "browser.safebrowsing.malware.enabled" must be true (it defaults to true, but can be turned off in the Firefox preferences UI as described in the post)
- the user must be on Windows and running Firefox 32 or later
- the download must be of an executable file (as determined by the file extension)
- the downloaded file's URL must not be on a local "blocklist" of malware downloads
- the downloaded file must not have been signed by a signature that's on the local "allowlist" of known good publishers

I assume there are privacy policy changes in progress to describe these additional behaviors - Sid/Monica, do you have pointers to a bug about privacy policy updates?

Gavin

On Mon, Jul 28, 2014 at 4:23 AM, Rubén Martín <[email protected]> wrote:
> On 25/07/14 at #4, Asa Dotzler wrote:
>> It looks like we already have documentation where this is explained,
>> including a link to technical details that will probably be
>> undigestible to most humans. What more are you asking for?
>>
>> https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
>
> Interesting. I read:
>
>> Phishing and Malware Protection works by checking the sites that you
>> visit against lists of reported phishing and malware sites. These
>> lists are automatically downloaded and updated every 30 minutes or so
>> when the Phishing and Malware Protection features are enabled. The
>> technical details of the safe-browsing protocol are also publicly
>> available
>> <http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec>.
>
> And:
>> There are two times when Firefox will communicate with Mozilla’s
>> partners while using Phishing and Malware Protection. The first is
>> during the regular updates to the lists of reporting phishing and
>> malware sites. No information about you or the sites you visit is
>> communicated during list updates. The second is in the event that you
>> encounter a reported phishing or malware site. Before blocking the
>> site, Firefox will request a double-check to ensure that the reported
>> site has not been removed from the list since your last update. In
>> both cases, existing cookies you have from google.com
>> <http://google.com>, our list provider, may also be sent.
> Reading this I assume that right now we are NOT sending URLs to Google
> in any case except when we hit a positive on the blocking list.
>
> My question is if we are going to do the same for downloads in Firefox
> 32 or this is going to change.
>
> Regards.
>
> --
> Rubén Martín [Nukeador]
> Mozilla Reps Mentor
> http://www.mozilla-hispano.org
> http://twitter.com/mozilla_hispano
> http://facebook.com/mozillahispano
>
>
> _______________________________________________
> governance mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/governance
