Closed Bug 33576 Opened 24 years ago Closed 12 years ago

Redesign of "accept images only from originating server" pref

Categories

(SeaMonkey :: Preferences, defect)

Product:
SeaMonkey
Component:
Preferences
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: jay, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(Keywords: helpwanted, Whiteboard: ui spec in comment 32 [2012 Fall Equinox][extension fodder]) 

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; N; Win98; en-US; m14)
BuildID:    32708

Prefs/cookies and images/accept images only from originating server - causes
SEARCH button to disappear on Altavista

Reproducible: Always
Steps to Reproduce:
1. Configure prefs to "accept images only from originating server"
2. Visit Altavista
3. No SEARCH button
4. Configure prefs to "accept all images"
5. Revisit Altavista
6. Search Button is present


Actual Results:  No search button	

Expected Results:  Expect to see the search button when configured to "accept
images only from originating server".
Does the search button utilize an image from a different server?

The SEARCH button image is originating from another server as per:

 http://a12.g.akamai.net/7/12/282/79f2845b1f889a/www.altavista.com/i/search.gif

So now what does this do to the pref? We are going to encounter more of this 
issue.
Not sure I see a way around this. If you want the search button then don't
enable that pref or convince altavista to move the image to the same server. The
pref is supposed to reject images from other servers (not exactly sure why
anyone would want to do this in the first place).  Sounds like a WONTFIX or
INVALID.   Am I missing something here?

I don't think there's much chance of convincing AV to rearrange their server. 
What concerns me the most is with the pref enabled there is going to be a flood 
of Q's in the support groups a la "The button's not there in xxx.xxx.xxx", etc 
ad nauseum !! And then it's going to be "our fault" :o(

My suggestion is to leave the feature enabled as-is, as the benefits far 
outweigh the problems that may crop up. I think we can close this issue now.
-> sending to UI Feedback for discussion.  I think maybe we need a good warning
on the enabling of that pref and it should definitely default to allowing all
images.
Assignee: cbegle → bdonohoe
Component: Browser-General → User Interface: Design Feedback
QA Contact: asadotzler → elig
Yes, definitely. Anything to avoid the whining in the groups.
Jay sent this to me as a possible warning. (and I'm confirming this too)

WARNING: Enabling this feature may cause some sites to operate
incorrectly, ie., Form Submit Buttons as images that originate from
another server may not appear, resulting in no way to send the form
results.

Should this be in Preferences?
Status: UNCONFIRMED → NEW
Ever confirmed: true
It's an awful lot of text but if there is a reasonable spot to add it then maybe
someone with vast experience in writing tech manuals could shorten it a bit.
Otherwise, go for it!

What exactly is the benefit of this feature?  Blocking advertisements?  If so, 

then it's a feature designed around the implementation and not the goal.  If the 

implementation can cause significant problems (as seems to be the case here) then 

the goal is not reached.  IMHO, the solution is a better design (which is 

admittedly not an easy thing to do in this case; selective filtering never is), 

not a warning label.



Reassigning to German for comment.
Assignee: bdonohoe → german
Yes I agree, its not clear what the pref is supposed to do. First time I am
seeing this in the product. As is it's not clear from the description what this
supposed to be good for. Also users may set the pref(not knowing what it does,
thinking it increases their level of privacy/security), and then not see the
consequences until later. For endusers the search btn on altavista is a control
not an image.
Unless somebody can convincingly make a good case for this feature I think it
should be removed asap. If this was really meant to kill advertising this
feature (even once relabeled) is implemented in such a primitive way that it
does more harm than good.
Passing on to Ben as moz UI module owner.
Assignee: german → ben
bouncing over to steve as he owns this feature
Assignee: ben → morse
I'm open to suggestions as to how better to determine a foreign image.  This is 
obviously a new feature and may need some fine tuning to get it right.

But it is doing what it was intended to do so I could close it out as invalid. 
Furthermore, the user had to explicitly set the pref (it is not the default).

However I will keep it open so we can keep thinking about it and maybe come up 
with the right heuristic.  Pushing out to M18 for now but that doesn't mean that 
I won't work on it sooner if someone comes up with the right suggestion.    
Perhaps the right suggestion is to drop this choice completely (just leave in 
"accept all" and "reject all").
Status: NEW → ASSIGNED
Target Milestone: --- → M18
As the 'user' that found this problem my suggestion is to leave the feature 
as-is. So far I have only found this error on AltaVista and I think that this 
will be the exception by far and not the rule. If Q's arise in the support 
groups we simply blame it on the originating site. :-)
I should add that I have already refined the heuristic somewhat.  Initially I 
was checking for an exact host match.  That meant that site x.netscape.com 
couldn't put up images from y.netscape.com.  I modified it to include domain 
matches instead.  There might be more fine tuning needed in that regard.
QA Assigning non-confidential New/Assigned User Interface: Design Feedback bugs 
to Matthew Thomas (mpt@mailandnews.com).

Matthew Thomas is now the QA owner for the User Interface: Design Feedback 
component. (Bugs that involve UI issues in the Netscape-branded Mozilla browser 
should continue be QA assigned to elig@netscape.com.)
QA Contact: elig → mpt
Steve, you can't assume a given number of domain levels like that. If you allow 
x.netscape.com to put up images from y.netscape.com, then you have the problem of 
moneysuckers.com.au being able to put up images from annoying-ads.com.au, and 
boring.co.uk being able to put up images from imagespewers.co.uk, and so on.

Resummarizing and reclassifying to more accurately reflect the problem. I'll try 
to come up with a UI solution soon.
URL: http://www.altavista.digital.comhttp://apple.com/
Component: User Interface: Design Feedback → Preferences: Backend
OS: Windows 98 → All
Hardware: PC → All
Summary: Search button not present when rejecting images from non-originating server → Rejecting other-server images is undesirable for some popular sites
Sure it fails for the counter-example you gave.  And we all know about the 
problem with domain cookies when country-urls are used.  But I'm not trying to 
get it right 100% of the time, only most of the time.  That's why I said I am 
using an heuristic.  If it fails for country urls, so be it.  At least it works 
for the .com, .net, etc urls which are the more prevelant.

Ok, my suggestion:
* Remove the global `only images from this server' pref. As cited in this bug, it
  just can't work, when many popular sites (such as AltaVista and Apple) contract
  out their image serving to companies like Akamaitech.
* Change the `Block This Image' context menu item to `Block Images ...'. Have it
  pop up a dialog which looks something like this:
  +------------------------------------------------------+
  |[] Block Images ::::::::::::::::::::::::::::::::::::::|
  +------------------------------------------------------+
  | In the future, Mozilla will block images which:      |
  |                                                      |
  | ( ) are the same size as this image (149 x 32)       |
  | ( ) come from the same domain as this image          |
  | (*) are both the same size and from the same domain  |
  |                                                      |
  | Domain for blocking:                                 |
  | (*) x42.ads.admeisters.com                           |
  | ( ) *.ads.admeisters.com                             |
  | ( ) *.admeisters.com                                 |
  | ( ) *.com                                            |
  |                                                      |
  | ( Help )                      ( Cancel ) (( Block )) |
  +------------------------------------------------------+

I think that would solve everybody's problems (except AOL's, of course) ...

Or it might be possible to integrate the Junkbuster proxy into Mozilla. This
way, you can also block certain paths within a domain. Some domains actually
contain useful information, even the doubleclick ones (they host a CPAN site to
which people are automatically directed from the CPAN web page...). The context
menu could be updated by adding an `advanced' option, where you can enter a
regexp to block.
These ideas are all well and good for the advanced user.  However I was more 
interested in simplicity of use when I implemented it.  Just right-clicking on 
an image to reject it, or setting a couple of prefs for additional filtering.  
And the prefs were designed to parallel the cookie prefs which also added to the  
ease of use (and understanding) on the part of the user.
I've been meaning to write up an additional bug report on this topic, but

since this report has already been filed, I'll just add my comments.



Here is what I would like to see for the image blocking pref dialog:



   ( ) Accept all images

   ( ) Reject all images

   ( ) Block Certain Images

       [ ] Block images that originate from a foreign domain

       [ ] Block images that come from sites in this file

           [___________________] (enter file or URL)

       [ ] Block images that match the following regex

           [___________________]

       [ ] Warn me before accepting any other images





The ( ) are radio buttons (meaning, they are exclusive), the [ ] are check

boxes (non-exclusive), and the [_____] are text fields. The check boxes are

grayed out until you click "Block Certain Images".



The "block file" field could take either a file name on your local hard drive

or an http:// URL. This would allow, say, Junkbuster for example to maintain a

RTBHL listing of undesirable-image spewing sites. Additionally, this file

could be the same one read by the "Image Manager" when it displays blocked /

non-blocked sites.



The default text in the regex field could be "ad[^.]*\.[^.]*\.com" (without

the " qoutes). Optionally, this could be a multi-line text field instead of a

single-line text field to allow N regexes to be entered (seperated by carriage

returns).



The "Warn me before accepting any other images" is a catch-all at the end for

the extra paranoid among us. If an image isn't filtered by any of the previous

rules.



I think this strikes a balance between 'sophisticated image blocking features'

and 'not overwhelming novice users'. Arguably, the most confusing option here

is the regex text field, but putting in the default I mentioned should work in

90% of the cases and spare the novice user of having to purchase an O'Reilly

book or three just to get through his prefrences dialog.


Comments received from Aydin Edguer:

I think your basic heuristic "if not from 'same site' then 'block'" is valid.
I like it and appreciate the fact that you have provided such a feature.

The questions are the meaning of "same site" and "block".

I would like to see "block" provide at least a similar level of controls
to those found for cookies:
  a) Accept All
  b) Accept Only Same Server
  c) Warn Before Accepting

It would be nice to see another option:
  d) Warn Before Accepting Not Same Server

This is separate from the issue of "Auto download" vs "Manual download".

Please note that combining "Manual download" with "Warn Before Accepting"
(giving image size if possible) is a nice way to help those who have low
bandwidth links, but need to read/navigate some sites that use images which
are small or difficult to "click" to download, by allowing the browser to
do the work of locating the images and giving the user the choice of which
to accept/use.

Additional Comments From Matthew Thomas 2000-04-28 07:48
> Steve, you can't assume a given number of domain levels like that.
> If you allow x.netscape.com to put up images from y.netscape.com,
> then you have the problem of moneysuckers.com.au being able to put up
> images from annoying-ads.com.au, and boring.co.uk being able to put up
> images from imagespewers.co.uk, and so on.

Additional Comments From morse@netscape.com 2000-04-28 07:57
> Sure it fails for the counter-example you gave.  And we all know about
> the problem with domain cookies when country-urls are used.  But I'm not
> trying to get it right 100% of the time, only most of the time.
> That's why I said I am using an heuristic.  If it fails for country urls,
> so be it.  At least it works for the .com, .net, etc urls which are the
> more prevelant.

It looks like you are using a simple heuristic of compare the top two
components of the domain name.

  fails  www.annoying-ads.com.au -> com.au
  fails  moneysuckers.com.au -> com.au
  fails  annoying-ads.com.au -> com.au
  works  x.netscape.com -> netscape.com
  works  netscape.com -> netscape.com
  works? slashdot.com. -> slashdot.com

[The question mark is because I do not know how your parser deals with
 trailing dots in host names.]

A simple alternative heuristic is to compare the top N-1 components (removing
only the first component) with a minimum of two components.

  works  www.annoying-ads.com.au -> annoying-ads.com.au
  fails  moneysuckers.com.au -> com.au
  fails  annoying-ads.com.au -> com.au
  works  x.netscape.com -> netscape.com
  works  netscape.com -> netscape.com
  works? slashdot.com. -> slashdot.com

A slightly more advanced heuristic is to check the length of the Nth (the last)
component and using it to set the minimum value.
  =2 letter -> minimum = 3
  >2 letter -> minimum = 2

  works  www.annoying-ads.com.au -> annoying-ads.com.au
  works  moneysuckers.com.au -> moneysuckers.com.au
  works  annoying-ads.com.au -> annoying-ads.com.au
  works  x.netscape.com -> netscape.com
  works  netscape.com -> netscape.com
  works? slashdot.com. -> slashdot.com

The reason for using ">2" rather than "3" is that there have been some
proposals to add new top level domains (TLDs) that have more than three
letters.  I don't know of any one letter TLDs or proposals for them, so
I don't know what the default should be for "1".

I think that the heuristic can be further improved (complicated?) by
providing a per-domain exception list.

So, for "altavista.com", the user could add "akamai.net" as an acceptable
alternative domain.  This would work for other places who have different
domain names (like "dec.com" vs "digital.com" - same name, different days).

If "Warn Before Accepting Not Same Server" was an option then the exception
list could be built by the browser based on a "Accept, Accept and Add Rule,
Reject" dialog box.
I am not sure images per se can be said to track user behavior. It is links that 
get clicked, that are usaully based off 
images. Problem is from a user perspective the intent/benefit is not clear at 
all. Why should a user not want to see 
images? 

There is no clear relationship for an end-user at all between images and tracking 
browsing habits. Furthermore this feature 
being placed next to cookies will almost ensure that users will only find it by 
accident. I think the way it is currently 
presented it is only useful to a small sliver of the overall audience as the rest 
has no clue what is being talked about. 

Furthermore turning this filter on (for many users by accident or out of 
curiosity) will result in users not seeing images in 
some cases, and not remembering that they turned images off using this privacy 
pref. Even if they remember it will be 
even harder to remember for them where they need to go to reverse their setting.

So I think that a) turning images off should *never* be a default setting and b) 
usability has to be significantly beefed 
before this feature can actually be useful for a wider audience.

German, who said anything about tracking user behavior? As far as I know, it is 
not possible for image servers to track user behavior (except when they also use 
cookies); but that's not the issue here.

The question `Why should a user not want to see images?' could only ever come 
from someone who has either a very fast Internet connection, a high level of 
patience, a highly developed capacity to mentally filter out visual noise, or a 
combination of those factors. The answer to the question is that many users find 
some images undesirable -- whether they be distracting, or a waste of bandwidth, 
or whatever. Often these images are of a particular size, and come from a 
particular domain which is different from that of the document being viewed; and 
these properties are what allows us to block them.

The suggestions from Mark Whitley and Aydin Edguer are interesting, but they 
mainly involve the interface in the prefs dialog. My immediate concern is more 
for the `block by example' interface, because if you think about it, that is 
where the majority of filtering will actually take place. Hence my dialog design. 
I think it's important to have a dialog for blocking images, rather than (as 
Morse suggests) immediately blocking all images from the same second-level 
domain, because it provides an extra level of warning about what the user is 
doing (equivalent to, but not as annoying as, an `are you sure you want to do 
this?' dialog). For something like this which could cause confusion if it was 
done by accident, we *want* to make it a little more difficult than just a single 
click on a context menu item. (would be like putting the ejector handle right 
next to the throttle.)

Having said that, German's point that images should be easier to unblock is a 
valid one. Therefore, I suggest that where the context menu for an unblocked 
image has `Block Image ...', the context menu for the placeholder for a blocked 
image should have `Unblock Image ...'. And the dialog brought up by the menu item 
should be able to unblock images, just as it can block them.

This means that my earlier suggested design needs to be tweaked, thus:
+------------------------------------------------------------+
|[] Block Images ::::::::::::::::::::::::::::::::::::::::::::|
+------------------------------------------------------------+
| ( ) Sto_p blocking images like this one                    |
| ( ) Block images the same _size as this one (149 x 32)     |
| ( ) Block images from the same _domain as this one         |
| (*) Block images which are _both the same size and from    |
|     the same domain as this one                            |
| ( ) Block images based on their _address ( S_ettings ... ) |
|                                                            |
| _Domain for blocking:                                      |
| (*) x42.ads.admeisters.com                                 |
| ( ) *.ads.admeisters.com                                   |
| ( ) *.admeisters.com                                       |
| ( ) *.com                                                  |
|                                                            |
| ( Help )                  ( Cancel ) (( Change settings )) |
+------------------------------------------------------------+

Notes:
* `Stop blocking images like this one' is only enabled if the current image is
  blocked. Selecting it and then selecting `Change settings' removes all blocking
  rules which are blocking the current image.
* `Block images the same size as this one' is only enabled if the size of the
  relevant image is known -- i.e. if it's in the document source.
* `Block images based on their address' is pre-selected if the current image is
  being blocked due to a more complex rule based on the contents of the URL. If
  such a rule does not exist, selecting this option for the first time creates a
  new blocking rule which blocks all images with exactly the same address as the
  current image. (If the rule needs to be more general than this, it can be
  changed using the `Settings ...' button, or by opening the Preferences dialog
  later.)
* The `Settings ...' button is only enabled if `Block images based on their
  address' is selected. Activating the button opens the Preferences dialog at the
  `Images' category, and puts focus in the first control for the most specific
  rule which is blocking the current image.
* The `Domain for blocking:' controls are only enabled if either `Block images
  from the same domain as this one' or `Block images which are both the same size
  and from the same domain as this one' is selected.

I still think the `Block all images which come from a different server' option is 
unworkable and should go.

Corrections:
*     `(would be like putting the ejector handle right next to the throttle.)'
  --> `(Allowing images to be blocked with a single context menu click would be
      the equivalent of putting the ejector handle right next to the throttle.)'

*     `_Domain for blocking:'
  --> `Domain _for blocking:'

From Neal McBurnett (by e-mail):
|
| Another issue - beware of redirects.  E.g. the image URL could be listed in the
| web page as http://coolsite.com/xyz.gif, but then be redirected to
| http://doubleclick.com/xyz.gif, so the browser should remember to not follow
| the redirection.

> the context menu for the placeholder for a blocked image should have `Unblock
> Image ...'

Oops, alt text replacement will cause a problem here. Must consider that...
Whiteboard: (py8ieh: alt text issue here -- will consider)
Which, Ian, is one of the reasons for my suggestion in bug 23691 that all 
unloaded images should have placeholders, even those images which have alt text.

Meanwhile ... the top of my suggested dialog is rather wordy and hard to scan. An 
alternative arrangement would be:

(*) Block images which:
    ( ) are the same size as this one (149 x 32)
    ( ) have a similar address to this one      ( Settings ... )
    ( ) come from the same domain as this one
    (*) are both the same size and from the same domain

    Domain for blocking:
    ( ) ...
    ( ) ... [etc]

( ) Stop blocking images like this one

All controls between `Block images which:' and `Stop blocking images like this 
one' would be disabled if `Stop blocking images like this one' was selected.

This would be easier to read and less daunting (fewer options in the same level 
of hierarchy); but it would require (on average) about 0.2 or 0.3 more mouse 
clicks to use, each time it was opened, than my previous design would. I would 
guess the tradeoff would be worth it, though you'd need to try it in a usability 
testing lab to be sure.

More food for thought for those who still think blocking all off-server images is 
a good idea:
* About.com <http://about.com/>
* Adobe <http://www.adobe.com/>
* Altavista <http://www.altavista.com/>
* Apple Computer <http://apple.com/>
* Britannica.com <http://britannica.com/>
* CBS <http://cbs.com/>
* CNN <http://cnn.com/>
* LookSmart <http://www.looksmart.com/>
* Lycos <http://www.lycos.com/>
* Motley Fool <http://www.fool.com/>
* Quicken <http://www.quicken.com/>
* Ticketmaster <http://www.ticketmaster.com/>

And, the grand finale:
* Yahoo <http://www.yahoo.com/>

In my opinion, such a high false positive rate, on such popular sites, is 
unacceptable -- even for something which is optional.

Ouch. That's a lot of false positives. Closer inspection of some of the sites
Matthew mentioned revealed the following:

yahoo.com -> legit blocked images oritinate from: a1.g.a.yimg.com cnn.com ->
legit blocked images oritinate from: a388.g.akamaitech.net apple.com -> legit
blocked images oritinate from: a312.g.akamaitech.net The yahoo.com -> yimg.com
images have only the .com in common, and the cnn.com / apple.com ->
akamaitech.net, don't have any part of their domain name in common. [Best Austin
Powers voice:] Ouch, baby. Very ouch.

From the other posts above (and especially this last from Matthew), I'm more
inclined to think that the best way to accomplish the goal (blocking undesirable
images), is to have a black-hole list in a file that Mozilla looks at to
determine whether to block images. If we wanted to leverage the work that people
have put into junkbuster (http://www.internet.junkbusters.com), the format for
the image block file could be the same as junkbuster blockfiles. That way, Moz
users could use any of the following lists:

http://altavista.digital.com/cgi-bin/query?pg=q&what=web&fmt=.&q=%2Bjunkbuster+%
2Burl%3Ablocklist

Obviously, the longer the blocklist gets, the greater the performance hit. Some
hashing/caching strategy could be employed to recover lost performance. Taking
this idea up to the UI level, the Prefs dialog would then have an entry that
looks like this:

    ( ) Block images that originate from sites in this list:
           [___________________] (enter filename or URL)

Then somebody could enter, say: "http://www.vex.net/~x/data/antro-bust.txt" in
the text box.

...

On a slightly different note, another feature I have considered submitting was
along the lines of "page filters". The idea here is that you could have a plug-
in sort of architecture that sits between the socket reading and the rendering /
page display. Right here you could plug in N number of page filters that may /
may not alter a page based on its content. For example: you could  have a page
filter that reads the <HEAD> section of pages and if it matches the string
"FrontPage" it filters the page through the demoroniser before sending it on to
Gecko.

The "page filter" plug-in architecture could be generic enough to allow for
image blocking as well; you would have a plug in that reads the <IMG> tags,
looks at the value of the SRC= attribte and checks it against a blockfile list,
a regex, or whatever.

Anywho, hope these ideas help get people thinking.
Target Milestone: M18 → M20
A non technical view ...

Another problem with this feature is that blocking sites is undesirable from the 
web site owners point of view, they need it to support the running of the page.  
You could end up with a 'arms race' where mozilla attempts to out-wit adverts, 
with web site owners out-witting the mozilla code.  A loop which I doubt mozilla 
could win.
Even if it could be won, if I can not show my advertisments on the mozilla 
browser, why bother to allow the Moz browser to show the site at all.  Perhaps I 
would show a page requiring this blocking feature to be disabled before access 
is allowed.
Assuming it doesn't go that far it will not be an encouragment for web site 
owners to ensure their sites work with mozilla if their revenue stream is being 
removed.
Mark: The junkbuster-like list would be a good idea, but that should really be 
filed in a separate bug.

Nathan: Sure, you can develop a Web site which absolutely insists on images being 
shown, if you like. Just don't expect it to become popular. And don't expect 
disabled people to be able to use it. And don't expect commuters to be able to 
use it. And don't expect to win any govt Web design contracts while it's in your 
resume. Etc, etc, etc. With regard to your specific example, that of 
advertisements, most users would be far happier with (and far more responsive to) 
well-written text advertisements than banner ads.

Ok, the final cut (I think) for the dialog:
+------------------------------------------------------------+
|[] Block Image :::::::::::::::::::::::::::::::::::::::::::::|
+------------------------------------------------------------+
| (*) Do_n't block images like this one                      |
| ( ) Block this image using advanced _rules  ( Rul_es ... ) |
| ( ) _Block images which                                    |
|     (*) are the same _size as this one (149 x 32)          |
|     ( ) are from the same _domain as this one              |
|     ( ) are both the same size _and from the same domain   |
|                                                            |
|     Domain for blocking:                                   |
|     (*) (_1) x42.ads.admeisters.com                        |
|     ( ) (_2) *.ads.admeisters.com                          |
|     ( ) (_3) *.admeisters.com                              |
|     ( ) (_4) *.com                                         |
|                                                            |
| [?]                                  ( Cancel ) ((  Ok  )) |
+------------------------------------------------------------+

Notes from my previous design still apply, with these additions/corrections:
* `Don't block images like this one' should always be enabled, contrary to what I
  said earlier.
* When opened, the dialog should reflect the current settings for the image it
  was opened from.
* Keyboard mnemonics have been chosen to be localization-friendly, so don't mess
  with them unless you know what you're doing.

Ok Morse, over to you ...
Whiteboard: (py8ieh: alt text issue here -- will consider) → (py8ieh: alt text issue in bug 40623)
I've just got bitten by this pref because it conflicts with <BASE HREF=...>.
Target Milestone: M20 → M30
Changing fictional "M30" to reality
Target Milestone: M30 → Future
*** Bug 33724 has been marked as a duplicate of this bug. ***
Summary: Rejecting other-server images is undesirable for some popular sites → [z]Rejecting other-server images is undesirable for some popular sites
Summary: [z]Rejecting other-server images is undesirable for some popular sites → Rejecting other-server images is undesirable for some popular sites
Whiteboard: (py8ieh: alt text issue in bug 40623) → [z](py8ieh: alt text issue in bug 40623)
Adding self to CC out of curiosity/interest
Morse, do you have any plans to implement this?  Can you point me to where the 
current image blocking is handled?
Keywords: helpwanted
Image blocking starts in if.cpp and then passes control to nsCookie.cpp where 
the actual decision of whether or not to block is made.
*** Bug 63816 has been marked as a duplicate of this bug. ***
.
Assignee: morse → nobody
Status: ASSIGNED → NEW
Whiteboard: [z](py8ieh: alt text issue in bug 40623) → (py8ieh: alt text issue in bug 40623)
Depends on: 65015
What if I want to filter by filename? Or Path? What if we combined reg
expressions with a interface that's easy? You'd have to dumb down the regex
somewhat but...

[pulldownMenuA]  [pulldownMenuB] [Textfield]


pulldownMenuA would have such choices as Server, path, filename, link etc while
pulldownMenuB would have is, isnot, matches, contains etc. Clicking on a "Add"
button would ad that expresion to a listbox.

The problem I have with some of the proposals here is they don't allow very much
flexability, and the best way to ensure that users understand the feature and
use it right is by making it broad and FORCING them to set it in a custom
fashion. That way they think though what their doing. Additionally I'd like to
see a "Advanced" button with true regex support. Perhaps a hybrid of this and
what Mark Whitley proposed?         
That's what the `Rules ...' button is for.

Hi
Here's my comment as a Mozilla user. I think all these ideas about allowing
regexs, listing allowed domains, targeting image sizes, etc, etc is way to
complicated for Joe Random user. Mozilla is supposed to be a browser and you
should stick to that goal. If users want sophisticated filtering they can get
Webwasher /  junkbuster / whatever.

My recommendtion would  be to stick with 3 options (No images, originating
domain only, all images) and put a warning that choosing the middle option may
break some sites.

my 0.02euros

dave
As I've commented in other bugs, it might be a nice idea to have a configuration
switch between "Newbie Mode" and "Power User Mode", with the newbie mode
installed by default, wherein the power user mode can be filled with complex and
powerful features that are likely to be confusing, intimidating, and/or
dangerous to novice users.  That way Mozilla can serve both audiences.
My personal take on this problem is to have the current three options, but have
some mechanism for whitelisting sites that would normally be blocked. In
general, I want to block foreign images, except for a few. In my case, it is
acceptable for me to have to jump through some hoops to add a few needed sites
to a white-list, and block all other foreign sites. For example, I could turn on
all-sites option and the ask-me option (temporarily), browse to the site that I
am having problems with, and say yes to the images that I actually want to load.
Then, I switch the settings to block-foreign, and don't-ask, and I am set. This
doesn't work at the moment, however.
This isn't much of a comment, but how about taking a look at how AdShield
(www.adshield.org) works for, *gasp*, IE.

--Suppresses the download and display of ad images and ad pages and the 
launching of ad browser windows. 
--Seamless integration with the browser provides a point and click interface 
for identifying the source of advertising and blocking it. 
--New drag and drop interface makes it even easier to identify and block ads. 
--Dynamically removes and restores images and pages as they are identified 
without refreshing the browser. 

It allows you to block .doubleclick. which blocks everything with doubleclick 
in it, or a directory like /ads/ so that any URL with /ads/ in it, is blocked 
from displaying an image, or full URLs such as 
http://images.slashdot.org/banners/ so that only that URL is blocked from 
downloading images.  The only downside to this system is that if you want to 
visit www.doubleclick.com, you have to remove it from your block list.  But who 
wants to visit that site anyways?

My 2 cents.
Summary: Rejecting other-server images is undesirable for some popular sites → Redesign of "accept images only from originating server" pref
Whiteboard: (py8ieh: alt text issue in bug 40623) → ui spec in comment 32
Another big producer of ads appears to be something called RealMedia that
usually is hosted on the originating server.  Yes, I would like to see a more
generalized pattern matching facility too.  
Bug 78104 covers regular-expression based blocking of images.  As it stands
right now, catching redirects would probably require some redesign of the
content-policy system, since it's currently only called from content before
loading and before processing elements.  For redirects to be caught, networking
would have to be brought into the loop, as well (indirectly or directly).

As a side note, if anyone reading this is busy implementing it behind the
scenes, note that many have expressed desires in other bugs for similar
permissions to apply to arbitrary content types (personally, I'd like to be able
to block all transcluded elements--scripts, embedded media, inline-framed pages,
etc.).

Also note that the current design of the image permission system deals only with
hosts, not entire URLs.  Bug 78104 shows the minor changes needed to allow it to
act on (nearly) complete URLs.

Related bugs include bug 86194, bug 91783, and bug 91785.
Depends on: 78104
Blocks: majorbugs
Depends on: 208882
No longer blocks: majorbugs
Component: Preferences: Backend → Preferences
Product: Core → SeaMonkey
QA Contact: mpt → prefs
Priority: P3 → --
Target Milestone: Future → ---
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
Status: NEW → UNCONFIRMED
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
This bug report is registered in the SeaMonkey product, but has been without a comment since the inception of the SeaMonkey project. This means that it was logged against the old Mozilla suite and we cannot determine that it's still valid for the current SeaMonkey suite. Because of this, we are setting it to an UNCONFIRMED state.

If you can confirm that this report still applies to current SeaMonkey 2.x nightly builds, please set it back to the NEW state along with a comment on how you reproduced it on what Build ID, or if it's an enhancement request, why it's still worth implementing and in what way.
If you can confirm that the report doesn't apply to current SeaMonkey 2.x nightly builds, please set it to the appropriate RESOLVED state (WORKSFORME, INVALID, WONTFIX, or similar).
If no action happens within the next few months, we move this bug report to an EXPIRED state.

Query tag for this change: mass-UNCONFIRM-20090614
Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  
addon refcontrol 
Works with Firefox 1.5 - 11.*, SeaMonkey 2.0 - 2.0.* 
https://addons.mozilla.org/en-US/firefox/addon/refcontrol/?src=ss
solves this completely!

    
    

    
  
(In reply to Charles Evans from comment #57)
sorry for the bugspam, wrong add-on.

addon requestpolicy
Works with Firefox 4.0 - 13.0a1, SeaMonkey 2.1 - 2.10a1 
https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/?src=ss

solves this completely!

    
    

    
  
can anyone summarize what is wanted beyond the features of requestpolicy and:
Adblock Plus  -  filter subscriptions in dozens of languages which automatically configure it 
    for purposes ranging from removing online advertising to blocking all known malware 
    domains. Adblock Plus also allows you to customize your filters with the assistance of a 
    variety of useful features, including a context option for images, a block tab for Flash 
    and Java objects, and a list of blockable items to remove scripts and stylesheets.
    Works with Firefox 3.6.13 - 14.0a1, Mobile 4.0 - 14.0a1, SeaMonkey 2.1 - 2.11a1,
      https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/?src=ss
and:
Element Hiding Helper is a companion extension for Adblock Plus meant to make creating 
       element hiding rules easier. Works with Firefox 8.0 - 14.0a1, SeaMonkey 2.5 - 2.11a1
           https://addons.mozilla.org/en-US/firefox/addon/elemhidehelper/?src=ss
?
(I doubt if these will do the image size rules,
 but I don't recall needing that. Maybe a rule to collapse blocks of a given size and xpath 
 would be useful?  )

    
    

    
  
Current Data Manager allow to block/accept images on per site/per domain basis, is this bug still actual?
Whiteboard: ui spec in comment 32 → ui spec in comment 32 [2012 Fall Equinox]

    
  
Whiteboard: ui spec in comment 32 [2012 Fall Equinox] → ui spec in comment 32 [2012 Fall Equinox][extension fodder][WONTFIX?]

    
  
Whiteboard: ui spec in comment 32 [2012 Fall Equinox][extension fodder][WONTFIX?] → ui spec in comment 32 [2012 Fall Equinox][extension fodder][CLOSEME 2012-11-01 WONTFIX?]

    
    

    
  
Resolved per whiteboard
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Whiteboard: ui spec in comment 32 [2012 Fall Equinox][extension fodder][CLOSEME 2012-11-01 WONTFIX?] → ui spec in comment 32 [2012 Fall Equinox][extension fodder]

    
    

    
  
what about the antivirus ? http://nortonphonesupport.com

          You need to log in
          before you can comment on or make changes to this bug.