sambacha
commented
4 months ago When a user is faced with this page, shouldn't there be an option for submitting the potential URL to an analysis service or some other inbound queue for analysis? AKA why not have this report to SEAL bot potentially?
Also, why not mention the potential for loss of funds, yes I know that is implicit, but it should be explicitly stated to reinforce the potential for danger.
Currently when you attempt to navigate to a blocked site, the redscreen page is served from
https://metamask.github.io/phishing-warning/v3.0.0/.........The warning page is our authority page to let users know of a scam they are about to visit. If we continue to serve it on non-metamask.io domain, we are training users to trust non-metamask domains for this security control.
Moving to metamask domain will isolate it from the rest of the metamask experiments that are served under
metamask.github.io/<your page>Ref Links
https://github.com/search?q=org%3AMetaMask+metamask.github.io%2Fphishing-warning&type=code
extension https://github.com/MetaMask/metamask-extension/blob/develop/development/build/scripts.js#L191
also some ledger thing also served from here: https://github.com/MetaMask/metamask-extension/blob/develop/offscreen/ledger-iframe.html
mobile doesn't seem to be serving the same page lol. It's serving a page that apparently ships with the app?
https://github.com/MetaMask/metamask-mobile/blob/main/app/components/UI/PhishingModal/index.js