Bug 226184 - www/chromium: increase requests quota for Google API Key
Summary: www/chromium: increase requests quota for Google API Key
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-chromium mailing list
URL:
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2018-02-24 19:39 UTC by Jan Beich
Modified: 2018-11-10 00:23 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (chromium)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Beich freebsd_committer 2018-02-24 19:39:32 UTC
www/chromium and www/firefox share Google API Key. Both browsers switched to Safe Browsing V4 which has restrictions on usage. In order for FreeBSD users to be warned about phishing sites someone has to contact Google in order to increase quota. Mozilla reached out to us sometime ago but it turned out rene@ doesn't control the key.

https://www.google.com/chrome/browser/privacy/whitepaper.html#malware
https://developers.google.com/safe-browsing/v4/usage-limits

Demos:
http://testsafebrowsing.appspot.com/
http://phishing.safebrowsingtest.com/
http://malware.testing.google.test/testing/malware/
Comment 1 Jan Beich freebsd_committer 2018-02-24 19:40:00 UTC
Carlos, do you know how to debug Safe Browsing in Chromium? Here's an example from Firefox:
http://docs.freebsd.org/cgi/mid.cgi?4lps-lr7b-wny
Comment 3 Jan Beich freebsd_committer 2018-02-24 20:29:28 UTC
Nowadays, phishing sites are more popular than malware sites.
https://transparencyreport.google.com/safe-browsing/overview
Comment 4 Jan Beich freebsd_committer 2018-02-24 21:55:43 UTC
To be specific, Safe Browsing V4 was enabled in Chromium 62 and Firefox 57 (56 was staged rollout).

https://chromium.googlesource.com/chromium/src/+/550e314e8fc7%5E%21/
https://hg.mozilla.org/mozilla-central/rev/b7f1511115e9
Comment 5 Jan Beich freebsd_committer 2018-02-24 22:29:38 UTC
Mozilla has more useful links: https://wiki.mozilla.org/Security/Safe_Browsing#QA
I've tried a few URLs from Phishtank and Firefox 58 with Arch Linux key and Firefox 52.6 with FreeBSD key (unused) correctly report those as deceptive.
Comment 6 Carlos J. Puga Medina freebsd_committer 2018-02-25 21:44:55 UTC
(In reply to Jan Beich from comment #1)

René can shed some light here :-)

https://lists.freebsd.org/pipermail/freebsd-gecko/2017-September/007589.html

Here are some useful links:

https://developers.google.com/safe-browsing/v4/get-started
https://github.com/google/safebrowsing
Comment 7 Carlos J. Puga Medina freebsd_committer 2018-02-25 21:55:14 UTC
(In reply to Carlos J. Puga Medina from comment #6)

According to the chromium's commits history, George Liaskos submitted the FreeBSD API key.

https://www.freshports.org/commit.php?category=www&port=chromium&files=yes&message_id=201306031755.r53HtCbv000642@svn.freebsd.org
Comment 8 Rene Ladan freebsd_committer 2018-02-25 22:03:07 UTC
The API key is the one listed in the www/chromium Makefile: api-project-996322985003
Comment 9 Jan Beich freebsd_committer 2018-02-27 21:45:33 UTC
Works fine now. Reopen if it doesn't.