mozilla-services / outgoing

A redirector for outgoing links.
Mozilla Public License 2.0

Consider hooking up outgoing to the blocklists used by Firefox to report malware and phishing domains. #8

Open muffinresearch opened 7 years ago

muffinresearch commented 7 years ago

We recently had this issue [1] on AMO which meant that because outgoing had historical links that continued to point to bad domains (despite the addons being previously disabled) the whole of outgoing.prod.mozaws.net was seen as an attack page to Firefox users that have the "Block dangerous and deceptive content" option enabled in about:preferences#security.

Filing this issue to consider if outgoing should block redirections for bad hosts by checking the same blocklists and show a less scary page informing the user for a single link.

The main goal here is to prevent outgoing's host from getting completely blacklisted again in the future.

We could also consider filtering on the way in on AMO, but the problem with the block lists is that what was seen as OK yesterday could get blocked tomorrow and therefore handling the problem on the way out seems like a better solution.

We'd also need to log bad URLs so that we could take action and inform a developer of a problem where the links are coming from AMO.

[1] https://github.com/mozilla/addons/issues/3944

fmarier commented 7 years ago

The relevant Safe Browsing API for this is https://developers.google.com/safe-browsing/v4/lookup-api.
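
An added example, not part of the thread or of outgoing's own code: checking a destination against the Lookup API linked above before redirecting, serving a per-link warning and logging the URL on a match, as the issue proposes. The names `decide` and `fake_lookup`, the client id, the fail-open policy and the sample URLs are assumptions; the HTTP call is replaced by a canned response so the block runs offline.

```python
import json

# Field names follow the Safe Browsing v4 Lookup API (POST threatMatches:find?key=API_KEY).
LOOKUP_ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find"

def build_lookup_request(urls, client_id="outgoing-example", client_version="0.1"):
    """Request body for threatMatches:find (client id/version are placeholders)."""
    return {
        "client": {"clientId": client_id, "clientVersion": client_version},
        "threatInfo": {
            "threatTypes": ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE"],
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }

def flagged_urls(response_body):
    """Map each flagged URL to the set of threat types found in a Lookup API response."""
    flagged = {}
    # A response with no matches is an empty JSON object.
    for match in json.loads(response_body or "{}").get("matches", []):
        flagged.setdefault(match["threat"]["url"], set()).add(match["threatType"])
    return flagged

def decide(url, lookup, audit_log):
    """Return (status, location): 302 to the target, or 200 for a per-link warning page."""
    try:
        threats = flagged_urls(lookup(build_lookup_request([url]))).get(url)
    except (OSError, ValueError, KeyError):
        return 302, url  # assumption: fail open when the lookup is down or malformed
    if threats:
        # Record the hit so the add-on developer can be contacted later.
        audit_log.append({"url": url, "threats": sorted(threats)})
        return 200, None  # warn for this one link instead of redirecting
    return 302, url

# Constructed sample: stands in for the HTTP POST and returns a canned response body.
def fake_lookup(request):
    bad = "http://bad.example/payload"
    hits = [{"threatType": "MALWARE", "platformType": "ANY_PLATFORM",
             "threatEntryType": "URL", "threat": {"url": bad}, "cacheDuration": "300s"}
            for e in request["threatInfo"]["threatEntries"] if e["url"] == bad]
    return json.dumps({"matches": hits} if hits else {})
```
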

vad1m commented 7 years ago

What about allowing users to use direct links instead of proxying them via mozaws servers? What is the benefit there? No proxying -> no blacklisting -> no extra money for proxy servers and unblocking efforts.