For popup blocking and notifications, I agree with Andreas - the tradeoff from the user perspective is not right.
Gavin On Fri, Mar 6, 2015 at 10:23 AM, <[email protected]> wrote: > >> On Mar 6, 2015, at 6:18 PM, Ehsan Akhgari <[email protected]> wrote: >> >> On 2015-03-06 1:14 PM, [email protected] wrote: >>> >>>> On Mar 6, 2015, at 5:52 PM, Anne van Kesteren <[email protected]> wrote: >>>> >>>> On Fri, Mar 6, 2015 at 6:33 PM, <[email protected]> wrote: >>>>> Is the threat model for all of these permissions significant enough to >>>>> warrant the breakage? >>>> >>>> What breakage do you envision? >>> >>> I can no longer unblock popups on sites that use HTTP. The web is a big >>> place. It will take a long time for everyone to move. >> >> I think Anne is not proposing that. He's proposing blocking persisting >> those permissions. IOW you would be able to still show popups from these >> websites, but you won't be able to ask Firefox to remember your preference. > > I know but we will break the persisting. The user will be annoyed that popup > unblocking doesn’t work as expected on HTTP sites. > > I am all for securing dangerous permissions but popups and notifications > seems more like we are wagging our finger at the user in unhelpful ways. Most > users will simply think Firefox is broken. > > Thanks, > > Andreas > >> >>>> Having said that: >>>> >>>> * Geolocation allow for tracking the user >>>> * Fullscreen allows for impersonating the OS >>>> * Pointer Lock allows for spoofing >>> >>> The two seem fairly trivial problems. The user will simply stop going to >>> the spamming site. I don’t think it makes sense to treat them in the same >>> bucket as the above 3. >> >> I agree that the above three are more important problems to address, FWIW. >> > > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
