Closed Bug 1308292 (webext-permissions) Opened 3 years ago Closed 2 years ago

[meta] (tracking) Webextensions required permissions handling

Categories

(WebExtensions :: General, defect, P2)

51 Branch
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: aswan, Unassigned)

References

Details

(Keywords: dev-doc-complete, meta, Whiteboard: triaged[permissions])

This is a tracking bug to cover the individual pieces needed to expose required webextension permissions (i.e., those in the "permissions" section of the manifest) to users when installing and upgrading webextensions.

Note that everything related to handling of optional permissions is tracked in a separate issue: bug 1197420
Depends on: 1308295
Depends on: 1308296
Depends on: 1308302
Depends on: 1308308
Depends on: 1308309
Depends on: 1308310
Whiteboard: triaged
Whiteboard: triaged → triaged[permissions]
Depends on: 1316460
Blocks: 1234150
Depends on: 1316996
Depends on: 1317000
Depends on: 1317363
Depends on: 1317470
Depends on: 1317590
Depends on: 1328339
Depends on: 1330823
Removing bugs labeled blockers that are not necessary to enable permission prompts.  Follow up items related to required permissions can still be found by searching for webextensions bugs with "permissions" in the whiteboard.
No longer depends on: 1308302, 1308308, 1328339
Blocks: 1331618
Blocks: 1331521
Adding dev-doc-needed.  Developers don't have to take any explicit actions related to this bug, but I think it would be worth mentioning on the page that documents the manifest that some manifest declarations are exposed to users in permission prompts.
Keywords: dev-doc-needed
Depends on: 1333790
Depends on: 1334010
Depends on: 1332061
Depends on: 1329942
Depends on: 1334076
Depends on: 1334085
Depends on: 1334096
Depends on: 1333262
Depends on: 1334354
Depends on: 1334404
Depends on: 1334479
Depends on: 1335333
Depends on: 1335697
Depends on: 1335703
Depends on: 1335720
Depends on: 1335985
Depends on: 1333168
Depends on: 1313298
Depends on: 1336085
No longer depends on: 1313298
Depends on: 1329884
Depends on: 1337870
Depends on: 1337951
Depends on: 1311815
Depends on: 1338713
Related: https://palant.de/2016/07/02/why-mozilla-shouldn-t-copy-chrome-s-permission-prompt-for-extensions

I'm not a UX expert, but I think the reasoning of the article is well thought out and should be taken into consideration. I personally don't have any strong feelings either way (my trust mostly lies in AMO's manual review process), I just wanted to represent the other side.
As a power user who does tech support for the rest of the family, I can also support the points given in the article.

Heck, even for my own use, I generally shy away from Chrome extensions because it's just too much bother to audit them myself.

That said, I'd see a permissions system that's as on-demand as possible paired with AMO's existing auditing as a step up for two reasons:

1. In places like F-Droid where I trust the source, I use the permissions readout as a second layer of security and, more importantly, as a way to weed out stuff from developers whose development methodology I don't agree with. (Primarily relating to the practice of speculatively asking for permissions you might want later or getting lazy about how broadly you allow your core functionality to apply.)

2. On-demand permission prompting (as with Geolocation or Android 6) is a great way to allow people to say "Yes, I want to do X, but I don't want you to have the extra permissions required by feature Y which I'll never use." (For example, not everyone who uses Video DownloadHelper uses the supplementary transcoding functionality.)
(In reply to Timvde from comment #3)
> I'm not a UX expert, but I think the reasoning of the article is well
> thought out and should be taken into consideration.

There was a discsussion about that post on the dev-addons mailing list last year that you can find in the archives.  The short summary is that nobody has suggested a concrete alternative to the current plan which leaves us with the choice of doing nothing or following the current plan.  We chose the second option, aware of its shortcomings but preferring those to the idea of not giving users any information.

(In reply to Stephan Sokolow from comment #4)
> That said, I'd see a permissions system that's as on-demand as possible
> paired with AMO's existing auditing as a step up for two reasons:

optional permissions (what you describe as on-demand) are slated to land in Firefox 54.
Depends on: 1339552
Depends on: 1340078
Depends on: 1340102
Depends on: 1340109
Depends on: 1340220
Depends on: 1340135
Depends on: 1340443
Depends on: 1340471
Depends on: 1340501
Depends on: 1340531
Depends on: 1341240
Depends on: 1341273
Depends on: 1341286
Depends on: 1342031
Depends on: 1342052
No longer depends on: 1342031
No longer depends on: 1342052
Depends on: 1342133
Depends on: 1342142
Depends on: 1342350
Depends on: 1342426
Blocks: 1342452
Depends on: 1342506
Depends on: 1342896
Depends on: 1342914
Depends on: 1343179
Depends on: 1343201
Depends on: 1343222
Depends on: 1343498
Depends on: 1343518
Depends on: 1343571
Depends on: 1344214
Depends on: 1345818
Depends on: 1346138
Depends on: 1346722
Depends on: 1347063
Depends on: 1347170
Depends on: 1347478
Depends on: 1348854
Depends on: 1349189
Depends on: 1350277
Depends on: 1358431
Depends on: 1361730
Depends on: 1370523
Depends on: 1373176
Blocks: 1376793
Depends on: 1380591
Keywords: meta
Priority: -- → P2
No longer depends on: 1329884
No longer depends on: 1340102
No longer depends on: 1340109
No longer depends on: 1340471
No longer depends on: 1340531
No longer depends on: 1342506
No longer depends on: 1343179
No longer depends on: 1343222
No longer depends on: 1343518
No longer depends on: 1345818
No longer depends on: 1346722
No longer depends on: 1347170
No longer depends on: 1361730
No longer depends on: 1370523
No longer depends on: 1343201
All remaining bugs have been moved over to bug 1401643, since we think the core functionality is there.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
I just saw this, since it got resolved :).

I think the request in comment 2 is already covered by the text in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/permissions:

"If you request permissions using this key, then the browser may inform the user at install time that the extension is requesting certain privileges, and ask them to confirm that they are happy to grant these privileges. The browser may also allow the user to inspect an extension's privileges after installation."

So I'm just marking this one dev-doc-complete. But let me know if we need anything else here.
Product: Toolkit → WebExtensions
No longer depends on: 1380591
Summary: (tracking) Webextensions required permissions handling → [meta] (tracking) Webextensions required permissions handling
You need to log in before you can comment on or make changes to this bug.