On Sun, Jan 21, 2018 at 6:29 PM, Jonathan Kingston wrote:
>> But this vector is not realistic. The website _included_ the thirdparty.
>> They want this tracking to occur. If we blocked invisible login forms from
>> autofill - the website will make the forms unobtrusively visible so they get
>> aut
> But this vector is not realistic. The website _included_ the thirdparty.
They want this tracking to occur. If we blocked invisible login forms from
autofill - the website will make the forms unobtrusively visible so they
get autofilled.
Do we know this? My understanding was most research suggest
It seems we are in a bad position here. There's two vectors:
The browser and the website are collaborating to mitigate tracking by
a third party.
The third party makes an invisible login form - well we can restrict
autofill to only visible elements. Or make a write-only form field
that prevents re
I wanted to follow up to make it clear what the change would look like.
Here is what autofill population looks like:
Here is what the it looks like after autofill is disabled:
This then becomes consistent with Private Browsing mode and HTTP sites
already work.
This is also consistent with how
On Tue, Jan 9, 2018 at 8:43 AM, Gervase Markham wrote:
> On 01/01/18 20:08, Jonathan Kingston wrote:
> > A recent research post[1] have highlighted the need for Firefox to
> disable
> > autofilling of credentials. The research post suggests web trackers are
> > using autofilling to track users ar
On 01/01/18 20:08, Jonathan Kingston wrote:
> A recent research post[1] have highlighted the need for Firefox to disable
> autofilling of credentials. The research post suggests web trackers are
> using autofilling to track users around the web.
Autofill is restricted to same-domain (roughly) so h
So it turns out dev-platform is plain text.
Here is a link explaining the states instead:
https://imgur.com/a/JO6pk
Thanks
Jonathan
On Mon, Jan 8, 2018 at 2:10 PM, Jonathan Kingston wrote:
> I wanted to follow up to make it clear what the change would look like.
>
> Here is what autofill popul
I wanted to follow up to make it clear what the change would look like.
Here is what autofill population looks like:
Here is what the it looks like after autofill is disabled:
This then becomes consistent with Private Browsing mode and HTTP sites
already work.
This is also consistent with h
There are some other alternatives that we could take here:
1. Improve the UX of autofill
a. present the credentials to the user on visible forms when the page
loads
- Google had a project on doing this and it never got completed. It
appears there are many issues with this solution [4].
2.
Am 02.01.18 um 17:22 schrieb Gijs Kruitbosch:
On 01/01/2018 20:08, Jonathan Kingston wrote:
We have the ability to turn off the whole login manager within Firefox
preferences: "Remember logins and passwords for web sites" but no way to
prevent autofill.
There's an about:config pref, as [1] poi
On 01/01/2018 20:08, Jonathan Kingston wrote:
We have the ability to turn off the whole login manager within Firefox
preferences: "Remember logins and passwords for web sites" but no way to
prevent autofill.
There's an about:config pref, as [1] points out, which does this.
I wonder if there's
A recent research post[1] have highlighted the need for Firefox to disable
autofilling of credentials. The research post suggests web trackers are
using autofilling to track users around the web.
Currently we take the stance to require user interaction for addresses and
credit card filling, howeve
12 matches
Mail list logo
