User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Build ID: 20140702123034 Steps to reproduce: Receive a message with remote content, ie: images, etc. Actual results: A bar pops up on the message window which says "To protect your privacy , Thunderbird has blocked remote content in this message." This bar has a preferences button, from which you can select "show remote content in this message." This does indeed work. Expected results: In previous verisons of Thunderbird, there was another button which said "show remote content," which you could click directly and see the remote content. This button was apparently removed. I can't understand why. There is no space constraint in this area of the user interface. It was very convenient, and "Show remote content' is what most people are going to want to do for most non-spam messages when faced with the remote content bar. Please consider re-adding this button.
(In reply to Alan Ott from comment #0) > This button was apparently removed. I can't understand why. There > is no space constraint in this area of the user interface. It was very > convenient, and "Show remote content' is what most people are going to want > to do for most non-spam messages when faced with the remote content bar. That is not so sure. As most message with remove content is either spam or ads or commercial messages, I never allow the content. I don't want even legitimate companies to track us. Almost no private person is able to send such a message, only IT people owning a server. So it is very questionable whether "most people" do want to see the remote content. Maybe corporate users for internal messages.
> As most message with remove content is either spam or ads > or commercial messages, I never allow the content. As for spam, isn't almost all actual spam filtered, either by the mail provider or by Thunderbird's adaptive filtering? I would also add non-profit to the list. Maybe I'm weird, but I seem to get a lot of newsletters from companies and organizations that I do business with or otherwise support. > I don't want even legitimate companies to track us. I agree. I'm opposed to tracking. Walking through the logic, remote-content-in-email tracking tells the server that mail which was sent to a specific address was read. Spammers use that to confirm that an address is real. This is of course why we don't want to allow remote content for spam. If I signed up for a mailing list or newsletter however, they already know my email address, and with remote tracking they can determine that the person at this address, who they already know is a real person (because he's signed up for this mail), actually read the email that he asked for. Yes, that's technically tracking, but in this case, it's already people I trust, and it's keeping the images out of my inbox. > Almost no private person is able to send such a message, only > IT people owning a server. That's true, but it doesn't mean they're necessarily bad. It seems like it's getting easier and easier for organizations to do this, as evidenced by the growing number of them which do. Even the smallest of nonprofits have IT people. I'm sure you, like me, are mostly opposed to HTML email. Unfortunately, we are in the minority. Every time some letter goes from being plain text to HTML, it's almost guaranteed that the second issue done in HTML will say something like "We got a lot of great feedback on the new format..." It's just the way it is, unfortunately. People like HTML and pretty pictures; companies and organizations are going to use it. It's a part of doing email whether we like it or not, and it needs to be easy to turn on. The alternative to remote content is for these companies and organizations to send HTML email with all the content as part of the message. Is that really what we want, to start seeing mail that's 500kB so that the pictures make it through easily? That's what I see happening if mail clients start making it difficult to view remote content. I think that's worse. What Thunderbird had before was a good compromise: remote content not loaded, but one-click to show it. A lot of users are smart, and even if they're not, hiding the option under the preferences button isn't going to keep users from finding it. It just makes it more difficult to do for people who know what they're doing. Hiding it under preferences is going to cause users who don't know any better to edit their preferences to show remote content for all mail without asking. Is that better? > So it is very questionable whether "most people" do want to see > the remote content. Maybe corporate users for internal messages. Well it goes without saying that I disagree. What I see is a button that I used frequently is now gone and has been replaced by something more difficult to use. For what it's worth The Mozilla Foundation itself sends out email with remote content. So does the Linux Foundation; so does Red Hat. Beyond that, there are lots of others which are businesses and nonprofits which people view as "good" which send remote-content email. Remote-content can be used for good, and it can be used for evil. It's not bad in all cases. Block-by-default is a good behavior. Having an "allow" button like we used to was also good behavior. Taking that button away and instead showing empty space seems like a regression from a usability standpoint. If it's spam, I block it. If it's annoying commercial stuff, I unsubscribe. If I haven't done one of those two things, there's a chance I want to see it. There used to be an easy way to do this, now it's been made harder. I hope this helps you understand where I'm coming from. Thanks for all you do for Thunderbird. I appreciate the hard work it takes to make quality software. Alan.
Yes the button was removed as part of the notification modernization. Blocking can now be done based on remote content source, and that needs a button. It's not reasonable to have both. What we want in the end is to be privacy aware but will as little effort as possible. If it's an org you trust, or at least don't care if they see what you do, or you know they know it through other channels anyways, I think it's the best to always allow images from that domain and not get bothered with blocked images and have mails be ugly for no reason.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
> Blocking can now be done based on remote content source, > and that needs a button. It's not reasonable to have both. And now blocking/allowing can no longer easily be done on a case-by-case basis. > If it's an org you trust, or at least don't care if they see > what you do, or you know they know it through other channels > anyways, I think it's the best to always allow images from that > domain and not get bothered with blocked images and have mails > be ugly for no reason. Blocking or not blocking based solely on source makes it more difficult to evaluate what I want to see on a case-by-case basis. "Trust" is not an all or nothing. Some organizations that I "trust" send email that I don't want to download remote content for. Consider an company like Linkedin. Sometimes I want to see the pictures in the emails they send ("do I recognize this guy who's trying to connect to me?") and sometimes I don't want to waste the bandwidth. In previous versions, I had a button. Now I don't, and a domain or address has to be all-or-nothing. It's not just trust. There are other factors as well. Another consideration is bandwidth and/or slow connections. Sometimes I'm at a hotel and would rather look at an ugly email than wait for it to download all the images. I would really not discount the bandwidth here either. Some hotels, for example, have really really **** internet. In those cases, I _really_ don't want to download remote content, even for a site I "trust." The "Show remote content" button gave real choice and real flexibility, and it was there for a long time. Now it's gone, replaced with a use case that gives more coarse control. I don't mean to be the "this breaks my workflow" guy. I've been using Thunderbird for a decade-plus, and this is my first bug into this tracker. I don't just complain about everything :) I get the feeling this isn't going to be changed, but thank you for your consideration anyway.
(In reply to Magnus Melin from comment #3) > I think > it's the best to always allow images from that domain and not get bothered > with blocked images and have mails be ugly for no reason. Is it based on the domain of the sender (can be forged) or the domain of the server from which the image is to be fetched? There can be multiple domains as the image sources. How does the button behave then? It looks like the dropdown menu lists all options (allow for sender, allow for each individual domain). Also, could the button be changed to the split button where the main option (on first click) would be the old "allow remote content" option and the dropdown would contain all the new options as today? I think everybody would be happy then.
Created attachment 8496520 [details] [diff] [review] 1064501.patch Yeah, we do not have split button support in a notification yet (I have it in some of my bugs). So for now we could split the button out as there is enough space on the notification bar.
(In reply to :aceman from comment #5) > > it's the best to always allow images from that domain and not get bothered > > with blocked images and have mails be ugly for no reason. > Is it based on the domain of the sender (can be forged) or the domain of the > server from which the image is to be fetched? There can be multiple domains The domains that the images are loaded from. > as the image sources. How does the button behave then? It looks like the > dropdown menu lists all options (allow for sender, allow for each individual > domain). See https://bug953426.bugzilla.mozilla.org/attachment.cgi?id=8351721
Comment on attachment 8496520 [details] [diff] [review] 1064501.patch Well the reasons it's not a button now is - to make the notification slick, and "never" break up to two or more lines - image sources listed in the menu are actually pretty informative re to who you're details would go (at least for tech people) - make the prefs findable -> more used -> more good looking messages -> better tb experience - especially as gmail now loads all remote images by default you easily get that bad experience for no reason. If we add a button the label should be short, like "Unblock", or "Show". I don't know, but we should keep it slick.
Alan is correct about bandwidth. It's not just hotels. I realize that most of you involved in developing Mozilla products have blazing fast internet connections at home and at work, but please remember that many users do not. I do not want remote content loading automatically even from trusted sources, but often there is content I do want in a particular message. The change from one-click to two-click for this frequently performed task was a step in the wrong direction, and I hope it will be fixed.
I also would like the old button back. I work with development and need to be able to test our customers transactional emails on an email to email basis. I also do not like to enable always show images even from trusted sources, both due to bandwidth,on our vacation site I use a very slow mobile connection that both takes time and that could end up out of volume and therefore I need to be able to select when to get the emails. I can see the reason for most users to never bother with this but please at least offer the option to display a separate button, it would never have to be more than one single extra button (display content for this email)
Today there is support for a menubutton on the notification bar so this could be rethought. But having the default action be "allow remote content" and only a submenu having the privacy-aware options to allow only specific source domains (today the domain of the images, not the sender) could train users in the wrong direction.
You need to log in before you can comment on or make changes to this bug.