New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 917190 link

Starred by 3 users

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Implement Advanced Protection download protection prototype

Project Member Reported by drubery@chromium.org, Dec 21

Issue description

Based on email discussion, we're considering one of two alternatives for the early implementation of download protection for Advanced Protection users. Both use a flag to enable/disable this higher protection, since this is still in prototyping.

1. Indicate in the download ping whether the user has enabled higher protection, then the server can return one of the current verdicts.
2. Add an additional verdict which indicates "If user has enabled higher protection, UNCOMMON, otherwise SAFE". The server can return this verdict whenever the user is AP (already in the download ping), and the client will sort out whether the user has the flag or not.

I'd lean towards 2, since we'll eventually need an additional verdict indicating whether an unsafe download is due to SB or AP. (I think, depends on what UX settles on). Thoughts?


 
Email discussion settled on #1, to avoid skewing population-level metrics. The additional verdicts may be future work depending on the UX decisions.
Project Member

Comment 2 by bugdroid1@chromium.org, Jan 9

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2991238c37ab1cc28996a5eb0357a975b9a78e9f

commit 2991238c37ab1cc28996a5eb0357a975b9a78e9f
Author: Daniel Rubery <drubery@chromium.org>
Date: Wed Jan 09 01:58:49 2019

Client side changes for AP download protection

This CL adds a boolean to ClientDownloadRequest indicating whether we
should use the AP protections or not. It also adds a feature flag we can
use for testing these protections.

Bug: 917190
Change-Id: I4fc7ffc2a761f4339b3b2538be60b4232fd4d795
Reviewed-on: https://chromium-review.googlesource.com/c/1401239
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#620997}
[modify] https://crrev.com/2991238c37ab1cc28996a5eb0357a975b9a78e9f/chrome/browser/safe_browsing/download_protection/check_client_download_request.cc
[modify] https://crrev.com/2991238c37ab1cc28996a5eb0357a975b9a78e9f/components/safe_browsing/features.cc
[modify] https://crrev.com/2991238c37ab1cc28996a5eb0357a975b9a78e9f/components/safe_browsing/features.h
[modify] https://crrev.com/2991238c37ab1cc28996a5eb0357a975b9a78e9f/components/safe_browsing/proto/csd.proto
[modify] https://crrev.com/2991238c37ab1cc28996a5eb0357a975b9a78e9f/components/safe_browsing/web_ui/safe_browsing_ui.cc

Project Member

Comment 3 by bugdroid1@chromium.org, Jan 10

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/91874e34b63f0cd3c1f957625508d0da80359492

commit 91874e34b63f0cd3c1f957625508d0da80359492
Author: Daniel Rubery <drubery@chromium.org>
Date: Thu Jan 10 22:12:34 2019

Add chrome://flags entry for AP Download verdicts

This flag will be used for testing out the new download protection
verdicts for Advanced Protection users. Enabling this flag requests the
new verdicts.

Bug: 917190
Change-Id: I5649b7946685c20c5dcf9ec235678d746238b335
Reviewed-on: https://chromium-review.googlesource.com/c/1403981
Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org>
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/master@{#621773}
[modify] https://crrev.com/91874e34b63f0cd3c1f957625508d0da80359492/chrome/browser/about_flags.cc
[modify] https://crrev.com/91874e34b63f0cd3c1f957625508d0da80359492/chrome/browser/flag-metadata.json
[modify] https://crrev.com/91874e34b63f0cd3c1f957625508d0da80359492/chrome/browser/flag_descriptions.cc
[modify] https://crrev.com/91874e34b63f0cd3c1f957625508d0da80359492/chrome/browser/flag_descriptions.h
[modify] https://crrev.com/91874e34b63f0cd3c1f957625508d0da80359492/tools/metrics/histograms/enums.xml

Sign in to add a comment