webcompat / webcompat.com

Source code for webcompat.com
https://webcompat.com

Redirect new reports to Google Safe Browsing for phishing and malware sites #2214

Open reinhart1010 opened 6 years ago

reinhart1010 commented 6 years ago

Recently, we received several non-compat and invalid reports such as webcompat/web-bugs#15856, webcompat/web-bugs#15849 and webcompat/web-bugs#15101, which are reporting fraudulent and scam websites.

This is possibly caused by the ambiguity from the "Report Site Issue" feature inside the "Page Actions" (3 dots) button. However, Firefox has another "Report Web Forgery" feature that is hidden from Menu (3 lines) > Help. The word "site issue" could refer to different problems, such as broken design, certificate issues, as well as malicious websites. Hence, some users submit those reports without knowing what is (not) a Webcompat issue.

One way to solve this problem is by allowing users to report phishing and malware sites using the Webcompat form. Instead of submitting this as a GitHub issue, the form should redirect to respective Google Safe Browsing phishing and malware report forms. The user will then add the description and finish the CAPTCHA challenge on the respective webpages to submit the report.

A sample notice that could be used is shown below.

[Image: Sample notice]

This method could simplify the process of reporting new site issues, whether it is a Webcompat issue or an Internet security issue. In addition, there should be fewer malicious website reports on Webcompat itself.

zoepage commented 6 years ago

Interesting thought. @adamopenweb what do you think about this?

adamopenweb commented 6 years ago

It's a good idea. Since the webcompat reporter is only available in Nightly and Dev Edition I think it hasn't been UX reviewed in the context of Malicious site or Firefox feedback. This could help work around that for some users.

My concern is users do not normally choose the correct Type of bug so the value of this should probably be tested.

karlcow commented 6 years ago

Before doing that, can we know how many such reports we had in the past? So we can just know how much it is needed.

@miketaylr said that probably @MDTsai's addon could solve this issue.

reinhart1010 commented 6 years ago

Some stats so far:

*Some of these are legitimate webcompat issues

^I have included a temporary notice mentioning Google Safe Browsing similar to below

Firefox has another report feature (see Menu > Help > Report Deceptive Site...) which is powered by Google Safe Browsing.

It's also interesting that some users have reported sites that have been blocked. This is the case for the site laserveradedomaina.com in report webcompat/web-bugs#19226, which had been reported first (before being blocked) in webcompat/web-bugs#17663.

softvision-oana-arbuzov commented 5 years ago

More stats: