Projects/SearchHijacking/2012-01-12
From MozillaWiki
< Projects
Notes
- Sheila, Cheng and Gavin met briefly to talk about search hijacking and explored some possible ideas for Q1.
Discussion
- Cheng proposal - 2 prong approach
- Harden Keyword URLs
- Not sufficient to completely solve the problem but will cover some cases
- Malware will adapt eventually but probably a good place to start
- Start measuring something - telemetry
- Measure how common is this, where are the most common places people are redirected to
- Explore what data would give us insight into the classes of problems
- Harden Keyword URLs
- Gavin
- Gathering data with telemetry is an interesting idea but we need to be mindful of privacy
- We could have a probe - does the actual url we start using match the real one
- Do they end up on the site they intended to go to?
- Can we tie this to the extension ping?
- Other ideas
- Emailing users with questions - outreach to understand the problem better
- Talk to google - might want to participate in exploring solutions.
- Detect DNS hijacking - google.com - compare it to known ip addresses
- Proposal
- Gavin - look into some solution telemetry
- Gavin - Harden keyword URLs - pretty straightforward - but sometimes users legitimately use that pref to change something.
- Cheng - how about prompt the user first time - "do you want to use yahoo as your keyword provider?"
- Have to prompt the user before changing that pref
- Gavin - Some implementation details - have something working is pretty easy < 1 day
- Some UX help on workflow
- DNS stuff - expands the scope
- Telemetry - how do we enumerate the types of problems
- Q1 Goal
- Get these in nightly by the end of the quarter.
Next Actions
- Gavin will meet with Limi and we can talk to him about
- Gavin will log the bugs for telemetry and prompting
- Sheila will touch base with Asa on plan
