Bug 226184

Summary:	www/chromium: increase requests quota for Google API Key
Product:	Ports & Packages	Reporter:	Jan Beich <jbeich>
Component:	Individual Port(s)	Assignee:	freebsd-chromium (Nobody) <chromium>
Status:	Closed FIXED
Severity:	Affects Only Me	CC:	cpm, rene
Priority:	---	Keywords:	needs-qa, security
Version:	Latest	Flags:	bugzilla: maintainer-feedback? (chromium)
Hardware:	Any
OS:	Any
See Also:	https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233095

Description Jan Beich freebsd_committer

2018-02-24 19:39:32 UTC

www/chromium and www/firefox share Google API Key. Both browsers switched to Safe Browsing V4 which has restrictions on usage. In order for FreeBSD users to be warned about phishing sites someone has to contact Google in order to increase quota. Mozilla reached out to us sometime ago but it turned out rene@ doesn't control the key.

https://www.google.com/chrome/browser/privacy/whitepaper.html#malware
https://developers.google.com/safe-browsing/v4/usage-limits

Demos:
http://testsafebrowsing.appspot.com/
http://phishing.safebrowsingtest.com/
http://malware.testing.google.test/testing/malware/

Comment 1 Jan Beich freebsd_committer

2018-02-24 19:40:00 UTC

Carlos, do you know how to debug Safe Browsing in Chromium? Here's an example from Firefox:
http://docs.freebsd.org/cgi/mid.cgi?4lps-lr7b-wny

Comment 2 Jan Beich freebsd_committer

2018-02-24 19:48:38 UTC

For testing keys from different projects maybe useful e.g.,
https://anonscm.debian.org/cgit/pkg-chromium/pkg-chromium.git/tree/debian/apikeys
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/chromium
https://src.fedoraproject.org/cgit/rpms/chromium.git/tree/chromium.spec
https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/chromium/chromium-65.0.3325.73.ebuild

Comment 3 Jan Beich freebsd_committer

2018-02-24 20:29:28 UTC

Nowadays, phishing sites are more popular than malware sites.
https://transparencyreport.google.com/safe-browsing/overview

Comment 4 Jan Beich freebsd_committer

2018-02-24 21:55:43 UTC

To be specific, Safe Browsing V4 was enabled in Chromium 62 and Firefox 57 (56 was staged rollout).

https://chromium.googlesource.com/chromium/src/+/550e314e8fc7%5E%21/
https://hg.mozilla.org/mozilla-central/rev/b7f1511115e9

Comment 5 Jan Beich freebsd_committer

2018-02-24 22:29:38 UTC

Mozilla has more useful links: https://wiki.mozilla.org/Security/Safe_Browsing#QA
I've tried a few URLs from Phishtank and Firefox 58 with Arch Linux key and Firefox 52.6 with FreeBSD key (unused) correctly report those as deceptive.

Comment 6 Carlos J. Puga Medina freebsd_committer

2018-02-25 21:44:55 UTC

(In reply to Jan Beich from comment #1)

René can shed some light here :-)

https://lists.freebsd.org/pipermail/freebsd-gecko/2017-September/007589.html

Here are some useful links:

https://developers.google.com/safe-browsing/v4/get-started
https://github.com/google/safebrowsing

Comment 7 Carlos J. Puga Medina freebsd_committer

2018-02-25 21:55:14 UTC

(In reply to Carlos J. Puga Medina from comment #6)

According to the chromium's commits history, George Liaskos submitted the FreeBSD API key.

https://www.freshports.org/commit.php?category=www&port=chromium&files=yes&message_id=201306031755.r53HtCbv000642@svn.freebsd.org

Comment 8 Rene Ladan freebsd_committer

2018-02-25 22:03:07 UTC

The API key is the one listed in the www/chromium Makefile: api-project-996322985003

Comment 9 Jan Beich freebsd_committer

2018-02-27 21:45:33 UTC

Works fine now. Reopen if it doesn't.