Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Malicious Site Protections Configuration #2502

Merged
merged 11 commits into from
Nov 27, 2024
Merged

Add Malicious Site Protections Configuration #2502

merged 11 commits into from
Nov 27, 2024
+45 −11

Conversation

not-a-rootkit
Copy link
Contributor

@not-a-rootkit not-a-rootkit commented Nov 22, 2024
edited
Loading

Asana Task/Github Issue: https://app.asana.com/0/72649045549333/1208815326657419/f

Description

Currently the malicious site protections config is named phishingDetection but as we're adding more data classes to it I'm proposing we rename it to maliciousSiteProtection for consistency.
The config currently contains the following fields:

  • allowErrorPage: when true, the phishing detection feature is enabled and checks are performed for all navigation events.
  • allowPreferencesToggle: when true, there is a settings toggle to allow users to enable/disable the feature.

We've discussed removing the subfeature flags for allowErrorPage and allowPreferencesToggle so it's combined in just one main flag for the whole feature, and adding settings:

  • when the main feature flag is enabled, we allow phishing + malware protections to run in the browser
  • settings.hashPrefixUpdateFrequency: currently set to 20 minutes
  • settings.filterSetUpdateFrequency: currently set to 12 hours (in minutes: 720)

Feature change process:

Additional info:

  • I have tested this change locally in all supported browsers
  • This change will be visible to users
  • This code for the config change is ready
  • This change was covered by a ship review

Reference

@github-actions GitHub Actions
Copy link

Don't forget to assign an individual reviewer (in addition to those already added, this should create a task for them in Asana).
Please mark this as draft unless there's intention to merge this.
Click the "Merge When Ready" if you're happy for this to automatically get merged once reviewed.
Also don't forget to add schema changes to validate if you're adding/changing a feature.

@duckduckgo duckduckgo deleted a comment from github-actions bot Nov 22, 2024
@not-a-rootkit not-a-rootkit marked this pull request as ready for review November 22, 2024 12:43
@not-a-rootkit not-a-rootkit requested review from a team as code owners November 22, 2024 12:43
@not-a-rootkit not-a-rootkit added the DO NOT MERGE Don't merge this branch unless directed label Nov 22, 2024
@not-a-rootkit
Copy link
Contributor Author

FYI we're still discussing whether we want this much granular control over the feature. TBD Monday.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 25, 2024
edited
Loading

Generated file outputs:

Time updated: Wed, 27 Nov 2024 10:54:34 GMT

legacy
trackers-unprotected-temporary.txt

⚠️ File is identical

v3/android-config.json (1 more)
  • v3/android-config.json
  • v3/windows-config.json
--- v3/windows-config.json
+++ v3/windows-config.json
@@ -6178,8 +6178,16 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "internal",
+            "exceptions": [],
+            "settings": {
+                "hashPrefixUpdateFrequency": 20,
+                "filterSetUpdateFrequency": 720
+            }
+        },
         "marketplaceAdPostback": {
             "state": "disabled",
             "exceptions": []
         },
@@ -6295,26 +6303,9 @@
             ]
         },
         "phishingDetection": {
             "state": "disabled",
-            "exceptions": [
-                {
-                    "domain": "marvel.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1194"
-                },
-                {
-                    "domain": "sundancecatalog.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1420"
-                },
-                {
-                    "domain": "noaprints.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2143"
-                },
-                {
-                    "domain": "flexmls.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2228"
-                }
-            ]
+            "exceptions": []
         },
         "pluginPointFocusedViewPlugin": {
             "state": "disabled",
             "exceptions": []
v3/extension-brave-config.json (9 more)
  • v3/extension-brave-config.json
  • v3/extension-bravemv3-config.json
  • v3/extension-chrome-config.json
  • v3/extension-chromemv3-config.json
  • v3/extension-config.json
  • v3/extension-edg-config.json
  • v3/extension-edge-config.json
  • v3/extension-edgmv3-config.json
  • v3/extension-firefox-config.json
  • v3/extension-safarimv3-config.json
--- v3/extension-safarimv3-config.json
+++ v3/extension-safarimv3-config.json
@@ -6487,8 +6487,12 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "disabled",
+            "exceptions": []
+        },
         "marketplaceAdPostback": {
             "state": "disabled",
             "exceptions": []
         },
@@ -6664,46 +6668,9 @@
             ]
         },
         "phishingDetection": {
             "state": "disabled",
-            "exceptions": [
-                {
-                    "domain": "marvel.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1194"
-                },
-                {
-                    "domain": "sundancecatalog.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1420"
-                },
-                {
-                    "domain": "noaprints.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2143"
-                },
-                {
-                    "domain": "flexmls.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2228"
-                },
-                {
-                    "domain": "localhost",
-                    "reason": "Protections are disabled on localhost pages"
-                },
-                {
-                    "domain": "127.0.0.1",
-                    "reason": "Protections are disabled on localhost pages"
-                },
-                {
-                    "domain": "::1",
-                    "reason": "Protections are disabled on localhost pages"
-                },
-                {
-                    "domain": "livenation.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1053"
-                },
-                {
-                    "domain": "ticketmaster.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/794"
-                }
-            ]
+            "exceptions": []
         },
         "pluginPointFocusedViewPlugin": {
             "state": "disabled",
             "exceptions": []
v3/ios-config.json 
--- v3/ios-config.json
+++ v3/ios-config.json
@@ -6328,8 +6328,16 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "internal",
+            "exceptions": [],
+            "settings": {
+                "hashPrefixUpdateFrequency": 20,
+                "filterSetUpdateFrequency": 720
+            }
+        },
         "marketplaceAdPostback": {
             "state": "enabled",
             "exceptions": []
         },
@@ -6456,39 +6464,10 @@
                 }
             ]
         },
         "phishingDetection": {
-            "state": "internal",
-            "exceptions": [
-                {
-                    "domain": "marvel.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1194"
-                },
-                {
-                    "domain": "sundancecatalog.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1420"
-                },
-                {
-                    "domain": "noaprints.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2143"
-                },
-                {
-                    "domain": "flexmls.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2228"
-                },
-                {
-                    "domain": "instructure.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/2212"
-                }
-            ],
-            "features": {
-                "allowErrorPage": {
-                    "state": "internal"
-                },
-                "allowPreferencesToggle": {
-                    "state": "internal"
-                }
-            }
+            "state": "disabled",
+            "exceptions": []
         },
         "pluginPointFocusedViewPlugin": {
             "state": "disabled",
             "exceptions": []
v3/macos-config.json 
--- v3/macos-config.json
+++ v3/macos-config.json
@@ -6384,8 +6384,16 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "internal",
+            "exceptions": [],
+            "settings": {
+                "hashPrefixUpdateFrequency": 20,
+                "filterSetUpdateFrequency": 720
+            }
+        },
         "marketplaceAdPostback": {
             "state": "disabled",
             "exceptions": []
         },
@@ -6552,30 +6560,9 @@
             ]
         },
         "phishingDetection": {
             "state": "internal",
-            "exceptions": [
-                {
-                    "domain": "marvel.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1194"
-                },
-                {
-                    "domain": "sundancecatalog.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/1420"
-                },
-                {
-                    "domain": "noaprints.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2143"
-                },
-                {
-                    "domain": "flexmls.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/pull/2228"
-                },
-                {
-                    "domain": "instructure.com",
-                    "reason": "https://github.com/duckduckgo/privacy-configuration/issues/2212"
-                }
-            ],
+            "exceptions": [],
             "features": {
                 "allowErrorPage": {
                     "state": "internal"
                 },
latest
v4/android-config.json (1 more)
  • v4/android-config.json
  • v4/windows-config.json
--- v4/windows-config.json
+++ v4/windows-config.json
@@ -5648,8 +5648,16 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "internal",
+            "exceptions": [],
+            "settings": {
+                "hashPrefixUpdateFrequency": 20,
+                "filterSetUpdateFrequency": 720
+            }
+        },
         "marketplaceAdPostback": {
             "state": "disabled",
             "exceptions": []
         },
@@ -5753,22 +5761,9 @@
             ]
         },
         "phishingDetection": {
             "state": "disabled",
-            "exceptions": [
-                {
-                    "domain": "marvel.com"
-                },
-                {
-                    "domain": "sundancecatalog.com"
-                },
-                {
-                    "domain": "noaprints.com"
-                },
-                {
-                    "domain": "flexmls.com"
-                }
-            ]
+            "exceptions": []
         },
         "pluginPointFocusedViewPlugin": {
             "state": "disabled",
             "exceptions": []
v4/extension-brave-config.json (9 more)
  • v4/extension-brave-config.json
  • v4/extension-bravemv3-config.json
  • v4/extension-chrome-config.json
  • v4/extension-chromemv3-config.json
  • v4/extension-config.json
  • v4/extension-edg-config.json
  • v4/extension-edge-config.json
  • v4/extension-edgmv3-config.json
  • v4/extension-firefox-config.json
  • v4/extension-safarimv3-config.json
--- v4/extension-safarimv3-config.json
+++ v4/extension-safarimv3-config.json
@@ -5860,8 +5860,12 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "disabled",
+            "exceptions": []
+        },
         "marketplaceAdPostback": {
             "state": "disabled",
             "exceptions": []
         },
@@ -6010,37 +6014,9 @@
             ]
         },
         "phishingDetection": {
             "state": "disabled",
-            "exceptions": [
-                {
-                    "domain": "marvel.com"
-                },
-                {
-                    "domain": "sundancecatalog.com"
-                },
-                {
-                    "domain": "noaprints.com"
-                },
-                {
-                    "domain": "flexmls.com"
-                },
-                {
-                    "domain": "localhost"
-                },
-                {
-                    "domain": "127.0.0.1"
-                },
-                {
-                    "domain": "::1"
-                },
-                {
-                    "domain": "livenation.com"
-                },
-                {
-                    "domain": "ticketmaster.com"
-                }
-            ]
+            "exceptions": []
         },
         "pluginPointFocusedViewPlugin": {
             "state": "disabled",
             "exceptions": []
v4/ios-config.json 
--- v4/ios-config.json
+++ v4/ios-config.json
@@ -5777,8 +5777,16 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "internal",
+            "exceptions": [],
+            "settings": {
+                "hashPrefixUpdateFrequency": 20,
+                "filterSetUpdateFrequency": 720
+            }
+        },
         "marketplaceAdPostback": {
             "state": "enabled",
             "exceptions": []
         },
@@ -5890,34 +5898,10 @@
                 }
             ]
         },
         "phishingDetection": {
-            "state": "internal",
-            "exceptions": [
-                {
-                    "domain": "marvel.com"
-                },
-                {
-                    "domain": "sundancecatalog.com"
-                },
-                {
-                    "domain": "noaprints.com"
-                },
-                {
-                    "domain": "flexmls.com"
-                },
-                {
-                    "domain": "instructure.com"
-                }
-            ],
-            "features": {
-                "allowErrorPage": {
-                    "state": "internal"
-                },
-                "allowPreferencesToggle": {
-                    "state": "internal"
-                }
-            }
+            "state": "disabled",
+            "exceptions": []
         },
         "pluginPointFocusedViewPlugin": {
             "state": "disabled",
             "exceptions": []
v4/macos-config.json 
--- v4/macos-config.json
+++ v4/macos-config.json
@@ -5821,8 +5821,16 @@
         "loadingBarExp": {
             "exceptions": [],
             "state": "disabled"
         },
+        "maliciousSiteProtection": {
+            "state": "internal",
+            "exceptions": [],
+            "settings": {
+                "hashPrefixUpdateFrequency": 20,
+                "filterSetUpdateFrequency": 720
+            }
+        },
         "marketplaceAdPostback": {
             "state": "disabled",
             "exceptions": []
         },
@@ -5974,25 +5982,9 @@
             ]
         },
         "phishingDetection": {
             "state": "internal",
-            "exceptions": [
-                {
-                    "domain": "marvel.com"
-                },
-                {
-                    "domain": "sundancecatalog.com"
-                },
-                {
-                    "domain": "noaprints.com"
-                },
-                {
-                    "domain": "flexmls.com"
-                },
-                {
-                    "domain": "instructure.com"
-                }
-            ],
+            "exceptions": [],
             "features": {
                 "allowErrorPage": {
                     "state": "internal"
                 },

@not-a-rootkit not-a-rootkit removed the DO NOT MERGE Don't merge this branch unless directed label Nov 25, 2024
@not-a-rootkit
Copy link
Contributor Author

not-a-rootkit commented Nov 25, 2024
edited
Loading

We decided to keep the macOS phishingDetection feature flag for backwards compatibility, but add maliciousSiteProtection for all other platforms and for future use. This is ready for review now :)

cc: @mallexxx , @SabrinaTardio, @alessandroboron

jonathanKingston
jonathanKingston reviewed Nov 25, 2024
View reviewed changes
index.js Outdated Show resolved Hide resolved
@jonathanKingston jonathanKingston added this pull request to the merge queue Nov 27, 2024
@not-a-rootkit not-a-rootkit mentioned this pull request Nov 27, 2024
Merged
2 tasks
Merged via the queue into main with commit 159a362 Nov 27, 2024
8 checks passed
@jonathanKingston jonathanKingston deleted the tespach/malicious-site-protections branch November 27, 2024 12:26
not-a-rootkit added a commit that referenced this pull request Nov 27, 2024
@not-a-rootkit
Revert "Add Malicious Site Protections Configuration (#2502)"
ef290dc 
This reverts commit 159a362.
This was referenced Nov 27, 2024
Closed
Merged
@mallexxx mallexxx mentioned this pull request Nov 29, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathanKingston jonathanKingston jonathanKingston approved these changes

@quanganhdo quanganhdo Awaiting requested review from quanganhdo quanganhdo is a code owner automatically assigned from duckduckgo/apple-devs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@not-a-rootkit @jonathanKingston