Closed Bug 1149825 Opened 10 years ago Closed 9 years ago

Categories

(Core :: DOM: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: francois, Assigned: francois)

References

Details

Attachments

(1 file, 5 obsolete files)

In order to have a test page for the tracking protection feature, we should have a test page that's like the other ones we use for Safe Browsing: http://itisatrap.org/firefox/its-a-trap.html http://itisatrap.org/firefox/its-an-attack.html Then maybe we could convince disconnect to add it to their list.
Ben, from what I can see on https://github.com/mozilla/itisatrap, you seem to be the maintainer of the existing test pages. I'd like to have a similar page to test the tracking protection feature. Instead of blocking the whole page though, we'd need that page to iframe a piece of content that should be blocked, so something like: firefox/its-a-tracker.html ---(iframe)---> firefox/its-a-tracker-frame.html The main page could explain that the rest of the page should be empty and the iframe could have a "you've been tracked" message. Do you know who I should talk to?
Flags: needinfo?(bsternthal)
In the past I helped update these pages. It's sort of a weird fit for my team but if no one else can do it I can help. Do you have the HTML skills to create the above and create a PR? If so I can help review and get it pushed live.
Flags: needinfo?(bsternthal)
Thanks Ben. I can certainly do that and submit a PR.
Depends on: 1182876
Attached file Test page (obsolete) (deleted) —
Here's the test page I'm currently playing with. The URLs are obviously temporary and will be decided in bug 1182876.
Attached file Test page (obsolete) (deleted) —
This test page should have the final test domains (which I just registered).
Attachment #8633952 - Attachment is obsolete: true
No longer depends on: 1182876
Attached file Test page (obsolete) (deleted) —
Here's a version of the test page with support for the whitelist too. This will need to be hosted on the itisatrap.org domain for the whitelist entry to work.
Attachment #8634324 - Attachment is obsolete: true
Depends on: 1141352
Assignee: nobody → francois
Status: NEW → ASSIGNED
Attached file its-a-tracker.html (obsolete) (deleted) —
Matej, if you'd like to review the copy on this new test page for tracking protection, you can click on the HTML I've attached here. It may be a bit premature because the messaging around that feature is not finalized and the copy is likely to change, but I need to put something up so that we have an easy way to test that TP is working. I'd like to make sure the copy is not too horrible :)
Attachment #8641954 - Attachment is obsolete: true
Attachment #8647781 - Flags: feedback?(matej)
Attached image Screenshot of the page (obsolete) (deleted) —
Here's a screenshot that's nicer to look at than the unstyled HTML.
Copy looks OK, I would just remove the word "mode" after "Private Browsing." I'm also adding Javaun here as there was a lot of legal back and forth about what we can and can't say wrt to TP. It might not apply in this case, but want to be sure.
Flags: needinfo?(jmoradi)
Javaun, just to add a bit of context, this is a test page for TP that mimics the existing Safe Browsing test pages (click "Ignore warning"): http://itisatrap.org/firefox/its-a-trap.html http://itisatrap.org/firefox/its-an-attack.html http://itisatrap.org/firefox/unwanted.html
This bug is still telling me that there's a flag set for me. Going to clear the ni? for Javaun to see if that fixes it.
Flags: needinfo?(jmoradi)
Nope. How odd. Resetting flag for Javaun.
Flags: needinfo?(jmoradi)
yeah, I hate to be the wet blanket. Suggested edits: 1. I would kill the line "I'm a naughty tracker trying to spy on you" because there is a lot of nuance here and we don't want to make it black/white. For example, we pay extra for Google Analytics on sumo.mozilla.org so that all analytics data stays in Mozilla's account and doesn't go to Google. (FWIW we're also working on supporting DNT on Mozilla pages so that analytics would be turned off for those users). Anyway, we use analytics because it tells us where to apply our very limited support resources. A sudden surge in traffic to a SUMO page might also mean we introduced a product feature that is unclear to users, and that we need to work on our feature UX. TL;DR; it's complicated. ==== 2. After the tongue-in-cheek "Ok, not really", could we say something more literal. "This is a test page that simulates first and third-party tracking loads to test Tracking Protection in Firefox." a. A simulated first-party tracker (allowed) b. A simulated third-party tracker (blocked) ======= 3. "Firefox 42 and above now features built-in Tracking Protection in Private Browsing windows". I would kill the part about "to help you block trackers" since this is a test page and we don't even need to go into consumer benefit. Anyone coming here is a developer/power user and gets it. I suggest killing consumer benefit language because that's the one area most scrutinized by legal, the reason is they don't want to give anyone a false sense of security (there may be trackers on the page that aren't yet on the list, or first-party tracking may be particularly invasive and we don't stop that) 4. "If you are running Firefox 42 or later and viewing this page in a Private Window, you should see a shield icon..."
Flags: needinfo?(jmoradi)
I think it's implicit in my #1 above, but I was making that point that analytics -- considered a tracker -- are helpful to users, even to the users who block them. It tells us where to focus scarce resources to help users. If you're a user who blocks all analytics, you still reap the benefits of those who allow them, because we've improved our support or features based on the feedback we received.
Just realized Francois is making HTML changes. Francois, I'm happy to do these or find someone else, I know you're busy. If you want to hand then off just point us to the repo and let us know if you're doing fork and pull
Flags: needinfo?(francois)
(In reply to Javaun Moradi [:javaun] from comment #16) > Just realized Francois is making HTML changes. Francois, I'm happy to do > these or find someone else, I know you're busy. If you want to hand then off > just point us to the repo and let us know if you're doing fork and pull Sure, if you can get someone to make the changes you want, the repo is here: https://github.com/mozilla/itisatrap and the pull request that person should base their work on is here: https://github.com/mozilla/itisatrap/pull/6 Note that the visual style (and the copy to an extent) are set to match the existing Safe Browsing test pages: http://itisatrap.org/firefox/its-a-trap.html, http://itisatrap.org/firefox/its-an-attack.html and http://itisatrap.org/firefox/unwanted.html
Flags: needinfo?(francois)
Attachment #8647781 - Flags: feedback?(matej)
Javaun, have you found someone to do your copy changes?
Flags: needinfo?(jmoradi)
Attached image its-a-tracker.png (deleted) —
Javaun, I've tried to address the bulk of your comments in my latest version. I'd like to push that to production ASAP because we really need to have all the tools we can to start testing this feature. We can always come back and redesign the test page later.
Attachment #8647781 - Attachment is obsolete: true
Attachment #8647788 - Attachment is obsolete: true
Flags: needinfo?(jmoradi)
Attachment #8655165 - Flags: review?(jmoradi)
Looks good Francois. I'm sorry I haven't found a copy person yet. I think those edits are good though, the biggest flags are all covered.
Attachment #8655165 - Flags: review?(jmoradi) → review+
I think this is ready to be deployed. Combined with bug 1184773, this will give us the test page we need for quick sanity checks. Ben, is there anything else you need from me?
Flags: needinfo?(bsternthal)
Can you need info me on the PR? I can then review.
Flags: needinfo?(bsternthal)
(In reply to Ben (:bensternthal) from comment #22) > Can you need info me on the PR? I can then review. Done. For the record, the PR is at https://github.com/mozilla/itisatrap/pull/6
Depends on: 1201320
Depends on: 1201578
QA Contact: mwobensmith
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: