Closed mikhaelkh closed 6 years ago
uBO won't vouch for any "website safety checker".
Best left to a dedicated extension.
You don't have to vouch for any particular tool if you give user a choice. @jspenguin2017 ?
if you give user a choice
Like direct them to WebStore to pick their own? What's on your mind?
Duplicate of #65 by the way (and https://github.com/gorhill/uMatrix/issues/185) (this was all before Web of Trust being found selling user data).
What's on your mind?
@jspenguin2017 more like use API to quickly see if the domain is safe, like red-yellow-green colors in the overview panel to see what requests from domain are currently blocked.
Maybe it makes sense to use separate color (say black) to indicate that there's an active filter which blocks whole domain? Currently green and red can turn yellow, but black will stay black.
if you give user a choice
use API to quickly see if the domain is safe
You just contradicted yourself.
You just contradicted yourself.
Actually no, because there can be several APIs from several sources. Nevermind, it's like gorhill said, best leave it to a dedicated extension.
from several sources
For example... ?
WOT:
You need an API key to use the public API. In order to request a key, you need a WOT account.
Well, you can't really ship an API key with the extension, but the alternative is to host your own server, which isn't ideal. You can ask the user to supply his own key but... can't you just send the user to WebStore to get the WOT extension?
When Safe Browsing flags a site, it looks like this:
Yandex:
Get a unique key.
Might have the same problem as WOT, I'm not sure if the API key can be public though, for WOT their TOS clearly implies the key is private.
I think Yandex's Safe Browsing is similar to Google's: when it flags, it means the site is really dangerous; and chances are Google already flagged it.
PhishTank
please register for an application key Without this key, you will be limited to a few downloads per day.
I haven't looked into it, but the key is probably private, and users who actually use the trust rating feature probably need more than "a few per day".
Also after a quick test, most of the sites they flag are already flagged by Google.
WOT has their own extension and the other three only flag really dangerous sites, and Chrome's big red block screen is probably enough of a warning already. Got better examples?
@jspenguin2017 I guess my issue is that one can't distinguish dangerous websites from others in the overview panel. Red color just indicate that there's no allowed requests from domain yet, which doesn't necessarily means the domain is unsafe. Another layer of protection like Google or Yandex Safe Browsing, or uMatrix is a smart choice in case you accidentally allow dangerous domain. Sometimes GSB blocks website because of crappy 3rd party ad provider, and use of uBO would eliminate the consequences.
Maybe it makes sense to use separate color (say black) to indicate that there's an active block filter for domain from filterlist that contains unsafe websites, e.g. "Malware domains"?
@mikhaelkh That makes no sense to me. If a big full screen warning is not enough, how will a color code in a small grid help?
It's not "not enough", it's "too much". It would help in the following way: it would clearly indicate that the domain is unsafe with high probability and save time to find which domain to allow: first consider yellow domains, then red, and only then, with extreme care, black. Preferably, black domains should be placed at the bottom, like in uMatrix.
@mikhaelkh I don't think it's too much, there is no reason for you to visit phishing sites to begin with.
Sometimes websites become victims of 3rd-party crap which gets blocked by GSB anyway.
@mikhaelkh Well, that's why you don't put untrusted third party stuff on your website.
Describe the issue
One way to quickly determine the broken filter is to add dynamic allow rules until site is rendered properly. Unfortunately, uBO (and uMatrix) provide no means to check if an unknown domain is safe. It can be done for example by adding a link to a website safety checker in the overview panel next to each domain.
Steps for anyone to reproduce the issue
Advanced mode
Your settings