Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve our phishing warning page #16602

Closed
bschorchit opened this issue Nov 21, 2022 · 3 comments
Closed

Improve our phishing warning page #16602

bschorchit opened this issue Nov 21, 2022 · 3 comments
Assignees
@aleksandar-mihajlovic
Labels
team-extension-platform type-enhancement type-security

Comments

@bschorchit
Copy link

bschorchit commented Nov 21, 2022
edited
Loading

Background

The phishing warning page is the page users are displayed when they try to visit a malicious site that is on our phishing list. A new design for this page was created and a PR to implement it was started in phishing-warning repo (MetaMask/phishing-warning#40), but not finalized. We should help get the PR (or a new one that implements to new design) ready for review.

Additionally, we should add some metrics to this page to help us understand the frequency of occurrence and usage of this phishing warning. We'll add 2 new events: Phishing Page Displayed and External Link Clicked.

Phishing Page Displayed has the following properties:

url: url that triggered the phishing warning page to be displayed

External Link Clicked has the following properties:

link_type: phishing_detection
url: url of the link the user clicked
location: phishing_warning_page
category: Navigation

Acceptance criteria

  1. This PR (or a new PR that implements the same new design for the phishing warning page) is ready for review.
  2. Users can read the attribution to who flagged the domain, probably passed to that page with a query string.
  3. For users who want to ignore the warning message, move them only to URIs with a specific protocol.
  4. For users that have opted in for MetaMetrics, we fire an Phishing Page Displayed event whenever this phishing-warning page is loaded.
  5. For users that have opted in for MetaMetrics, we fire an External Link Clicked event whenever the user clicks on one of the links in the phishing-warning page.
  6. No events are fired for users that have opted out of MetaMetrics.

Steps to reproduce

  1. Go to a reported bad domain (some examples here) - be careful as those have been reported as malicious sites so you don't want to actually connect your MetaMask wallet or perform any transaction or signature on those websites
  2. Notice the MetaMask phishing-warning page being displayed
@bschorchit bschorchit mentioned this issue Nov 21, 2022
Open
3 tasks
@bschorchit bschorchit mentioned this issue Dec 16, 2022
Closed
@bschorchit
Copy link
Author

External Link Clicked is not part of this issues' scope anymore. I'll move it to a new issue.

@ElvirCe ElvirCe mentioned this issue Jan 27, 2023
Closed
@ElvirCe
Copy link

ElvirCe commented Jan 27, 2023

The Metrics part will be handled in ticket #17453

@holantonela holantonela mentioned this issue Feb 1, 2023
Merged
@bschorchit
Copy link
Author

Closing as this MetaMask/phishing-warning#52 has been merged

@holantonela holantonela mentioned this issue Mar 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aleksandar-mihajlovic aleksandar-mihajlovic

Labels
team-extension-platform type-enhancement type-security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gauthierpetetin @bschorchit @ElvirCe @aleksandar-mihajlovic and others