It appears that Windows browsers typically write data regarding where files were downloaded from in an alternate data stream associated with the downloaded file. Even Firefox writes this data, here. We can use this feature to allow the installer to read where it was downloaded from and make that information available to the installation that it installs. This would be similar to how existing Windows attribution works.

Initially, we just want to see what kind of data is available, probably collecting this information:

• Whether the file system supports Alternate Data Streams at all, and potentially the file system (e.g. NTFS, FAT, remote SMB/CIFS, other)
• Whether :Zone.Identifier exists, and if so, what ZoneId is
• Whether ReferrerURL exists
• Whether HostURL exists
• Whether “mozilla.org” and other known fragments/prefixes are in ReferrerURL and/or HostURL

If it looks like there is good data available, we will want to explore how we can safely retrieve data that could shed light on the unattributed funnel.

I'd like to choose a new name for this idea, since it's different than how our existing attribution systems work. I suggest "client-side provenance", but I'm happy for Robin to have the final choice.

The point is that this augments our existing attribution system: it's entirely possible to see installers that are attributed from mozilla.org but have client-side provenance a third-party site like cnet.com. We shouldn't trust the client-side provenance over the binary attribution -- or at least, not yet :)

Robin, if you prefer a different name, counter with it? And maybe update the ticket title? Thanks!

(In reply to Nick Alexander :nalexander [he/him] from comment #1)

The point is that this augments our existing attribution system

Ah, good point.

Robin, if you prefer a different name, counter with it? And maybe update the ticket title? Thanks!

No, I think this name is fine.

This patch was heavily inspired by the existing 7z customizations that read the download token into the "postSigningData" file. In both cases, the installation self-extractor copies some data into the same temporary directory where the installer is written. It will then be up to the NSIS installer to copy that file into the installation directory (that work will be done later in this stack).

This patch also includes changes to some files that were regenerated based on the code changes made.

• mozilla_customizations.diff was updated so that it still reflects all Mozilla-made code changes to 7z.
• The 7zSD.ARM64.sfx and 7zSD.Win32.sfx executables were re-built from the new code.
• SFXSetup.vcxproj was updated to use newer toolchains.

Depends on D171108

Comment on attachment 9320056 [details]
Bug 1814968 - Customize 7z to write provenance data r=nalexander!

Revision D171109 was moved to bug 1815019. Setting attachment 9320056 [details] to obsolete.

There may be some follow-up based on the data we get but we will file a new meta to track that work. Closing this as done. Thanks all.