Find a way to separate preferences for unwanted downloads and unwanted website warnings

Status: NEW, Unassigned
Product: Firefox, Component: Preferences
Priority: P4, Severity: normal
Opened 2 years ago, updated 2 years ago
Reporter: johannh
Firefox Tracking Flags: Not tracked
Whiteboard: [fxprivacy]

Description (Reporter, 2 years ago)

Disabling "Options->Security->Warn me about unwanted and uncommon software" will cause the system to skip warnings not only for potentially unwanted downloads but also for potentially unwanted websites. (Because it modifies urlclassifier.malwareTable)

That is a bit misleading and we should fix it.
Whiteboard: [fxprivacy][triage]

Comment 1

2 years ago
Francois, can you give us more information on the issue and the impact?
Flags: needinfo?(francois)

Updated

2 years ago
Priority: -- → P4
Whiteboard: [fxprivacy][triage] → [fxprivacy]
(In reply to Tanvi Vyas [:tanvi] from comment #1)
> Francois, can you give us more information on the issue and the impact?

When it comes to potentially unwanted software, there are two ways it gets blocked:

1. the application reputation server tells us a particular download is potentially unwanted
2. a website's URL is on the list of sites hosting potentially unwanted software

The third pref we now have in the UI (thanks Johann!) allows users to toggle both #1 and #2 at once.

However, if you disable download protection (the second pref), we gray out the third pref and so you can't toggle #2 anymore, even though that's supported in the platform. The reason being that if download protection is turned off, the toggle for UNCOMMON doesn't make sense.

We could add a new pref ("Warn about sites hosting potentially unwanted software"), but that's possibly too many options and not one that lots of users will need.

A simpler fix could be to rename the last pref to "Warn me about unwanted OR uncommon software" which could be vague enough to cover both cases and allow us not to gray out the checkbox when download protection is off.
Flags: needinfo?(francois)
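
The two mechanisms described in the comment above can be checked separately in a profile's pref file. This is an added example, not part of the bug thread or Firefox's own code. It assumes the pref names `browser.safebrowsing.downloads.enabled` and `browser.safebrowsing.downloads.remote.block_potentially_unwanted` (not quoted in the thread) and that unwanted-software list names contain "unwanted"; both sample pref files are constructed.

```python
import re

# Only urlclassifier.malwareTable is quoted in the bug; the two download pref
# names are assumptions taken from Firefox's Safe Browsing settings.
DL_ENABLED = "browser.safebrowsing.downloads.enabled"
DL_UNWANTED = "browser.safebrowsing.downloads.remote.block_potentially_unwanted"
MALWARE_TABLE = "urlclassifier.malwareTable"
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict (bools and strings)."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Report mechanisms #1 and #2 separately; None = pref not overridden here."""
    prefs = parse_prefs(text)
    table = prefs.get(MALWARE_TABLE)
    # Assumption: unwanted-software lists have "unwanted" in their table name.
    site_list = None if table is None else any(
        "unwanted" in name for name in table.split(","))
    dl_unwanted = prefs.get(DL_UNWANTED)
    if prefs.get(DL_ENABLED) is False:
        dl_unwanted = False  # download protection off: no verdicts at all
    return {"download_verdicts": dl_unwanted, "site_list": site_list,
            "coupled": dl_unwanted == site_list}

# Constructed sample: checkbox unticked, so both mechanisms go off together.
UNCHECKED = '''
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("urlclassifier.malwareTable", "goog-malware-shavar,test-malware-simple");
'''
# Constructed sample: downloads off, site list kept (platform allows, UI does not).
SPLIT = '''
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("urlclassifier.malwareTable", "goog-malware-shavar,goog-unwanted-shavar");
'''

if __name__ == "__main__":
    for label, sample in (("unchecked", UNCHECKED), ("split", SPLIT)):
        print(label, audit(sample))
```

A `coupled` value of `False` marks a profile where the site list and the download verdicts are in different states, the configuration the thread says the platform supports but the checkbox cannot express.
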
I'm really hesitant to add more UI prefs under Security. Candidly, I'd rather combine all three lists under a single UI pref than add more, and I think we may end up there in the future anyway. Google turns all three on by default with a single UI pref, so Chrome counts on these lists to be effective. 

We need to think about our overwhelming majority of users when doing prefs in UI. I think having two buttons is already more confusing. Google has a single pref that used to say "protect me from phishing and malware" and now says "Protect you and your device from dangerous sites" that is buried under Advanced prefs.

If very privacy sensitive users are uncomfortable w/ the SB ping and want to selectively turn stuff off, that's what about:config is for.