MetaMask / phishing-warning

A page to warn users about a suspected phishing site.

Improve fuzzylist logic in eth-phishing-detect #45

Open holantonela opened 1 year ago

holantonela commented 1 year ago

from @Gudahtt:

The fuzzylist is not safe to extend in its current form. We should freeze it until we improve that functionality to make it more effective at blocking imposter sites, less prone to false positives, and less alarming for users.

There are a few fairly low-effort changes we could make to improve this:

  1. Increase the Levenshtein tolerance from 2 to 1, dramatically reducing the number of matches (and thus reducing false positives)
  2. Make the warning page less alarming for fuzzylist matches (e.g. yellow instead of red, less alarming copy)
  3. Make the warning page emphasize the risk of the website being an impostor of a specific target, so users can better evaluate risk on their own. https://github.com/MetaMask/phishing-warning/issues/37
  4. It's hard for a user to look at a site and know if it's malicious or not, but most people would probably be confident that unity.com isn't trying to pretend to be invity.com.
  5. Add detection for invisible confusable characters, so we can detect obvious imposters and treat them more harshly
  6. Add confusable character support to the warning page, so we can better highlight easy-to-miss differences between the suspected domain and potential target that it may be pretending to be.

Looking at some recent Trezor examples:

from @legobeat:

Let's consider

https://github.com/MetaMask/eth-phishing-detect/pull/9407
https://github.com/MetaMask/eth-phishing-detect/pull/9610
https://github.com/MetaMask/eth-phishing-detect/pull/9602
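As an added example (not code from eth-phishing-detect or this repository), the proposals above sketched in JavaScript: a Levenshtein fuzzylist check whose tolerance parameter shows why 1 versus 2 matters for the unity.com/invity.com case, plus the invisible-confusable check from point 5 and a returned target so a warning page can name who the site may be impersonating (point 3). The target list and hostnames are constructed, and matching the whole lowercased hostname is an assumption about how the real fuzzylist is compared.

```javascript
// Added example, not code from eth-phishing-detect or phishing-warning.
// The target list and the hostnames used to exercise it are constructed.
const FUZZYLIST = ['metamask.io', 'trezor.io', 'unity.com'];

// Zero-width and other invisible code points that make a lookalike hostname
// render identically to its target (assumption: this short set is illustrative).
const INVISIBLE = /[\u200B-\u200D\u2060\uFEFF\u00AD]/g;

// Levenshtein edit distance (insert, delete and substitute each cost 1).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a hostname against the fuzzylist. `tolerance` is the largest edit
// distance that still counts as a fuzzy match (the issue proposes 1 instead of 2).
function checkHostname(hostname, tolerance = 1) {
  const lower = hostname.toLowerCase();
  const stripped = lower.replace(INVISIBLE, '');
  // Proposal 5: invisible confusables are an unambiguous impostor signal, so
  // report them separately (and more harshly) than a plain edit-distance hit.
  if (stripped !== lower) {
    const target = FUZZYLIST.find((t) => t === stripped) || null;
    return { result: 'blocked', reason: 'invisible-characters', target, distance: 0 };
  }
  let best = null;
  for (const target of FUZZYLIST) {
    const distance = levenshtein(stripped, target);
    if (distance <= tolerance && (best === null || distance < best.distance)) {
      best = { target, distance };
    }
  }
  if (best === null) return { result: 'allowed', reason: 'no-match', target: null, distance: null };
  // An exact hit is the genuine target itself, not an impostor.
  if (best.distance === 0) return { result: 'allowed', reason: 'exact-target', ...best };
  // Proposal 3: return the target so the warning page can say "this may be
  // impersonating <target>" instead of showing a generic red alert.
  return { result: 'fuzzy', reason: 'levenshtein', ...best };
}
```

With tolerance 2, invity.com is reported as a fuzzy match for unity.com (the false positive the issue describes); with tolerance 1 it is allowed, while metamsk.io is still caught and a zero-width character inside trezor.io is blocked outright.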

AlexHerman1 commented 1 year ago

love this