On Thu, Mar 21, 2019, 9:39 PM Rik Cabanier, <caban...@gmail.com> wrote:
> Why are these sites not included in the "safe browsing" service that is
> used by most browsers?
> That way, everyone would be protected.
>

Because the relevant part of safe browsing service covers a different set of criteria: https://www.google.com/about/unwanted-software-policy.html. But more importantly, Google's safe browsing isn't by far the only block list of bad URLs based on various criteria that various browsers and extensions use to improve the user's browsing experience.

To answer your actual question here, the block lists we're working with Disconnect to create here are available for everyone to use under a permissive license at https://github.com/disconnectme/disconnect-tracking-protection. We actually ingest the list using the safe browsing protocol so other browsers that have implemented that protocol could do the same today.

Cheers,
Ehsan

> On Thu, Mar 21, 2019 at 2:59 PM Steven Englehardt <sengleha...@mozilla.com> wrote:
>
> > Summary:
> > We are expanding the set of resources blocked by Content Blocking to
> > include domains found to participate in cryptomining and fingerprinting.
> > Cryptomining has a significant impact on a device’s resources [0], and the
> > scripts are almost exclusively deployed without notice to the user [1].
> > Fingerprinting has long been used to track users, and is in violation of our
> > anti-tracking policy [2].
> >
> > In support of this, we’ve worked with Disconnect to introduce two new
> > categories of resources to their list: cryptominers [3] and fingerprinters
> > [4]. As of Firefox 67, we have exposed options to block these categories of
> > domains under the “Custom” section of the Content Blocking in
> > about:preferences#privacy. We are actively working with Disconnect to
> > discover new domains that participate in these practices, and expect the
> > lists to grow over time. A full description of the lists is given here [5].
> >
> > Bugs:
> > Implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=1513159
> > Breakage:
> > Cryptomining: https://bugzilla.mozilla.org/show_bug.cgi?id=1527015
> > Fingerprinting: https://bugzilla.mozilla.org/show_bug.cgi?id=1527013
> >
> > We plan to test the impact of blocking these categories during the Firefox
> > 67 release cycle [6][7]. We are currently targeting Firefox 69 to block
> > both categories by default, however this may change depending on the
> > results of our user studies.
> >
> > To further field test the new lists, we expect to enable the blocking of
> > both categories by default in Nightly within the coming month. If you do
> > discover breakage related to this feature, we ask that you report it in one
> > of the cryptomining or fingerprinting blocking breakage bugs above.
> >
> > Link to standard: These are additions to Content Blocking/Tracking
> > Protection which is not a feature we've standardized.
> >
> > Platform coverage:
> > Desktop for now. It is being considered for geckoview:
> > (https://bugzilla.mozilla.org/show_bug.cgi?id=1530789) but is on hold until
> > the feature is more thoroughly tested.
> >
> > Estimated release:
> > Disabled by default and available for testing in Firefox 67. We expect to
> > ship this on by default in a future release, pending user testing results.
> > An intent to ship will be sent later.
> >
> > Preferences:
> > * privacy.trackingprotection.fingerprinting.enabled - controls whether
> >   fingerprinting blocking is enabled
> > * privacy.trackingprotection.cryptomining.enabled - controls whether
> >   cryptomining blocking is enabled
> >
> > These can also be enabled using the checkboxes under the Custom section of
> > Content Blocking in about:preferences#privacy for Firefox 67+.
> >
> > Is this feature enabled by default in sandboxed iframes?: Blocking applies
> > to all resources, regardless of their source.
> >
> > DevTools bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1537627
> > When blocking of either category is enabled, any blocked resources will be
> > logged to the console with the following message: `The resource at
> > “example.com” was blocked because content blocking is enabled.`
> >
> > Do other browser engines implement this?
> > Opera and Brave block cryptominers using the no-coin cryptomining list
> > [8][9]. The cryptomining list supplied by Disconnect is, in part, created
> > by matching web crawl data against no-coin and other crowdsourced lists.
> > No other browsers currently block the fingerprinting list, as we are
> > working with Disconnect to build it for this feature. However, many of the
> > domains on the fingerprinting list are likely to appear on other
> > crowdsourced adblocking lists.
> >
> > Web-platform-tests: Since content blocking is not a standardized feature,
> > there are no wpts.
> >
> > Is this feature restricted to secure contexts? No. Users benefit from
> > blocking in all contexts.
> >
> > [0] https://arxiv.org/pdf/1806.01994.pdf
> > [1] https://nikita.ca/papers/outguard-www19.pdf
> > [2] https://wiki.mozilla.org/Security/Anti_tracking_policy
> > [3] https://github.com/mozilla-services/shavar-prod-lists/blob/7eaadac98bc9dcc95ce917eff7bbb21cb71484ec/disconnect-blacklist.json#L9537
> > [4] https://github.com/mozilla-services/shavar-prod-lists/blob/7eaadac98bc9dcc95ce917eff7bbb21cb71484ec/disconnect-blacklist.json#L9316
> > [5] https://wiki.mozilla.org/Security/Tracking_protection#Lists
> > [6] https://bugzilla.mozilla.org/show_bug.cgi?id=1533778
> > [7] https://bugzilla.mozilla.org/show_bug.cgi?id=1530080
> > [8] https://www.zdnet.com/article/opera-just-added-a-bitcoin-mining-blocker-to-its-browser/
> > [9] https://github.com/brave/adblock-lists/blob/master/coin-miners.txt
> > _______________________________________________
> > dev-platform mailing list
> > dev-platform@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-platform
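
The category-based blocking discussed in this thread, as an added example that is not part of the original messages and is not Mozilla's or Disconnect's code: it flattens a category list and decides which category, if any, blocks a request URL. The JSON layout (categories, then entities, then an entity URL mapping to a domain array), the category names and all `.example` domains are assumptions constructed for illustration; matching is plain label-wise suffix matching, not the safe browsing protocol Firefox uses to ingest the list.

```javascript
// Constructed sample in the layout assumed for disconnect-blacklist.json:
// categories -> [ { entityName: { entityUrl: [domains...] } } ].
// Every entity name and domain here is a placeholder, not a real list entry.
const SAMPLE_LIST = {
  categories: {
    Cryptomining: [
      { "Example Miner": { "https://miner.example/": ["miner.example"] } },
    ],
    Fingerprinting: [
      { "Example FP": { "https://fp.example/": ["fp.example"], note: "metadata" } },
    ],
    Advertising: [
      { "Example Ads": { "https://ads.example/": ["ads.example"] } },
    ],
  },
};

// Flatten only the enabled categories into a Map of domain -> category.
function buildBlockMap(list, enabledCategories) {
  const map = new Map();
  for (const category of enabledCategories) {
    for (const entity of list.categories[category] || []) {
      for (const properties of Object.values(entity)) {
        for (const domains of Object.values(properties)) {
          if (!Array.isArray(domains)) continue; // skip non-domain metadata
          for (const d of domains) map.set(d.toLowerCase(), category);
        }
      }
    }
  }
  return map;
}

// Return the category that blocks this URL, or null. A listed domain also
// covers its subdomains, so compare on whole labels ("notminer.example"
// must not match "miner.example"). The bare TLD is never looked up.
function classify(url, blockMap) {
  let host;
  try { host = new URL(url).hostname.toLowerCase(); } catch { return null; }
  const labels = host.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const category = blockMap.get(labels.slice(i).join("."));
    if (category) return category;
  }
  return null;
}

// Only the two new categories are enabled; Advertising stays off.
const blockMap = buildBlockMap(SAMPLE_LIST, ["Cryptomining", "Fingerprinting"]);
```
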