Phishing use case - improvement

[Rafiot]

What is changing?

Right now, we have a weird malicious flag, it needs to go away.

The problem we want to solve is the following:

• Legitimate site legit.com has a logo, with hash <hash>. The <hash> is not a phishing marker as long as it is on the legitimate site
• The same hash is present on a site that is not legit.com. In that case, it should be marked as suspected phishing (Logo idea: fish with a question mark)

How will this impact users?

Help them to spot phishing cases more easily.

[quinnnorton]

create a check box for "suspected resource for phishing attacks (mark as legitimate for this site)" that will allow other sites it appears on to marked as "suspected phishing" based on the hash of the resource. I will need to make a suspected fishing icon, though this probably belongs in a instance annotation tool (vs a capture annotation tool) why am i giving myself more work to do

[esellier]

A perceptual hash may also be interesting (or a more efficient logo recognition API => Google Cloud Vision?), as well as some metadata on images (including XMP).
The main problem is to create the initial Hash DB with logos from all legit sites.