Closed diracdeltas closed 8 years ago
diracdeltas
commented
8 years ago Probably this is best done in Electron by using Chromium's safebrowsing module (src/chrome/browser/safe_browsing i think). @bridiver could you look into how feasible this would be?
neeklamy
commented
8 years ago Are there any other safe browsing blacklists out there? With a quick search I found PhishTank, which has API access and is free to use.
I ask because, whilst this is a great idea, Google can take some time to add sites to the list. I’ve occasionally submitted sites through either their report pages for malware or phising (it’s not always obvious which to use) and days later, they still haven’t been included.
On a related note, it would be really nice if there were a tool built into Brave to submit malicious URLs (perhaps with any supporting resources).
diracdeltas
commented
8 years ago Thanks for the tip about PhishTank. At a glance, it looks easier and more flexible than SafeBrowsing V4. SafeBrowsing would probably be more efficient, but I think PhishTank will do for now.
neeklamy
commented
8 years ago How much overlap is there between the two projects? PhishTank seems to be more narrowly defined.
It’s not clear how much development is happening with PhishTank either, the official blog was quietly shut down a few years ago* and the OpenDNS blog stopped talking about it in 2011.
Still, I registered for a PhishTank account and have checked out a few phishing pages – it’s kind of fun clicking away and seeing phishing pages being verified.
I found a couple more services, URLVoid, they use multiple reputation and blacklists. And URI Blacklist.
Incidentally, the malware infected site I submitted to Google still hasn’t been added, and is still active (with at least 30 thousand pages).
*This is the last, most recent blog post on the Wayback Machine, Two years of PhishTank and 1 million phishes (October 28, 2008).
bridiver
commented
8 years ago most of the safe browsing code is in src/chrome so I'm not sure if trying to pull it into Electron will be any better that doing something in the browser. The code in src/chrome is generally pretty tightly coupled to the Chrome browser implementation and we'd likely have to rewrite significant portions of it.
diracdeltas
commented
8 years ago @neeklamy thanks for checking out the other options. i'll check with my contact at opendns about current phishtank status.
@bridiver cool, i figured as much
diracdeltas
commented
8 years ago After talking to @bbondy , I think our first-pass strategy should be to merge the spam404 block list (https://github.com/Dawsey21/Lists) and the disconnect malware list (https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt) to create a tracking protection blocklist, updated once per week or so. The only difference is that these domains need to be blocked in 1st party contexts as well as 3rd party.
I also talked to OpenDNS today and learned that while phishtank is still maintained for now, they are actively working on a better version of Phishtank which should be good for our needs. But since phishtank blocks full URLs with paths, not just domains, it won't use the tracking protection code.
garvankeeley
commented
8 years ago @bbondy these lists seem to be straight URL matching rules, they don't consider the type of the resource, so I didn't think iOS needed to do its guess-the-resource-type code.
bbondy
commented
8 years ago that's fine for now. A future list might but I don't forsee that.
https://www.google.com/transparencyreport/safebrowsing/