Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible false positives for mozilla #14

Closed
lightswitch05 opened this issue Aug 9, 2018 · 6 comments
Closed

Possible false positives for mozilla #14

lightswitch05 opened this issue Aug 9, 2018 · 6 comments

Comments

@lightswitch05
Copy link

Hello Anudeep,

Thank you for providing this great blocklist. I do have a question about a couple Mozilla domains:

blocklists.settings.services.mozilla.com

This URL is used by Firefox and Thunderbird to ban extensions that cause a security threat against its users. More information about how the blocklist works can be found in this FAQ. You can also view the contents of the blocklist. Some of these extensions look pretty nasty, I definitely would not want them installed on my computer. Perhaps you will consider removing this domain from your lists so that users can remain protected against these malware extensions.

shavar.services.mozilla.com

From Mozilla's site:

Originally designed for phishing protection the protocol was co-opted so that the tracking protection project would be able to publish larger data sets without incurring large bandwidth usage for mobile clients.

So this is Firefox's version of Google's 'Safe Browsing' feature. I can see why you would block this, but unfortunately its also the service that provides domains to block for Firefox's built-in tracking protection.

firefox.settings.services.mozilla.com

I use a Firefox account to sync my setting across devices. My understanding is that everything is fully encrypted using a key derived from the user password and cannot be recovered/decrypted on the server without the users password. I did find that they do store IP addresses for security reasons, but I do not believe it is stored unless you are actively using this service.

I've whitelisted all those domains on my end, so this isn't causing me any trouble, but I thought I might open a ticket so that I could get your viewpoint on them.
anudeepND added a commit that referenced this issue Aug 9, 2018
@anudeepND
removed false positives
402e9a5 
#14
@anudeepND
Copy link
Owner

@lightswitch05 Thanks for the information. Really appretiate your help man :)

@lightswitch05
Copy link
Author

@anudeepND have you ever tried to get this list included in Steven Black's project?

@anudeepND
Copy link
Owner

@lightswitch05 Actually no, but I would love to do that...

@lightswitch05
Copy link
Author

@anudeepND submit a pull request and see what he says. Here is my old pull request if you want an example of what to include: StevenBlack/hosts#633

@anudeepND
Copy link
Owner

@lightswitch05 thanks for the reference PR, one quick question, how do you deal with the duplicates? Currently what I that is do is that I keep on adding the domains and once (or twice) a month I remove the duplicates.

@lightswitch05
Copy link
Author

I don't currently do anything about duplicates. I'll search his list before adding something to mine, but if duplicates get added, I've never removed any entries

@badmojr badmojr mentioned this issue Apr 9, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lightswitch05 @anudeepND