Bug 1325171 (photon-visual)

[meta] Photon - Firefox visual refresh

NEW
Assigned to

Status

()

Firefox
Theme
4 months ago
2 days ago

People

(Reporter: canuckistani, Assigned: shorlander)

Tracking

(Depends on: 10 bugs, Blocks: 1 bug, {meta})

Trunk
Points:
---
Dependency tree / graph
Bug Flags:
qe-verify -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [photon-visual])

We're investigating a visual refresh of Firefox this year, this bug tracks that work.

Updated

3 months ago
Priority: -- → P3
Comment hidden (off-topic)

Comment 2

3 months ago
Personally I like the look of the developer edition theme. Maybe a light version of it would look very nice and modern.

Updated

3 months ago
status-firefox53: affected → ---

Comment 3

3 months ago
+1 for developer edition theme or something minimal like that. Dark one is great.

Updated

3 months ago
Depends on: 1336227

Updated

3 months ago
Depends on: 1336230

Updated

3 months ago
Depends on: 1336241
(In reply to Allan Gardner (:Mathnerd314) from comment #1)
> I know it was an April Fool, but I'll bring up this blog post:
> https://blog.mozilla.org/ux/2013/04/firefox-next-evolving-the-user-interface-
> using-genetic-algorithms/. I haven't seen any comprehensive browser UI
> analysis based on Fitt's Law, Hick's Law, and GOMS-CPM/CoDeIn modeling.
> Optimize toolbar button sizes for task flow. Don't just put lipstick on a
> pig, save a few seconds for millions of users! :)

(In reply to modestdev from comment #3)
> +1 for developer edition theme or something minimal like that. Dark one is
> great.

The developer edition themes are shipping as alternative themes in Firefox 53, see bug 1314091.
Comment hidden (advocacy, off-topic)

Updated

3 months ago
Depends on: 1337432

Updated

2 months ago
Depends on: 1344907

Updated

2 months ago
Depends on: 1344910

Updated

2 months ago
Depends on: 1344917

Updated

2 months ago
Depends on: 759252

Updated

a month ago
Alias: photon → photon-visual
No longer depends on: 1336227, 1336241

Updated

a month ago
Depends on: 1341048

Updated

a month ago
No longer depends on: 1336230

Updated

a month ago
No longer depends on: 1337432

Updated

a month ago
No longer depends on: 759252

Updated

a month ago
Depends on: 1348294

Updated

a month ago
Depends on: 1347543

Updated

a month ago
Blocks: 1346488

Updated

a month ago
Keywords: meta
Summary: Firefox visual refresh → [meta] Firefox visual refresh
Whiteboard: [photon]

Updated

a month ago
Depends on: 1349552

Updated

a month ago
Depends on: 1349555

Updated

a month ago
Depends on: 1058040

Updated

a month ago
No longer blocks: 1325169

Comment 6

a month ago
Please consider for the new default theme:
* to not show the protocol or a padlock when https:// is used - encryption=neutral - (but display the protocol on all other protocols): Meta bug 1335586 (https-everything)
* to show a red crossed padlock (bug 1310447) with a red text 'Not Secure' (bug 1335970) for every unencrypted protocol (http://, ftp://, ws://)
* to show a green padlock without a text if DNSSEC/DANE stapling is valid (bug 672600, a MOSS project is working on it)
* to show a blue padlock with a blue Name for EV certificates (but green padlock + green text if DNSSEC/DANE stapling is valid)
(let EV green, as long as DNSSEC/DANE Stapling (bug 672600) is not implemented, but change it then)
Thank you :)
> * to not show the protocol or a padlock when https:// is used - encryption=neutral - (but display the protocol on all other protocols): Meta bug 1335586 (https-everything)

I think this is the general direction we're heading for eventually, but it's not within scope for the visual refresh. Which is good, because there are a lot of factors to consider for this decision. (It's also not necessary to do this as part of a major UI refactor, since the identity block is pretty isolated.)

> * to show a red crossed padlock (bug 1310447) with a red text 'Not Secure' (bug 1335970) for every unencrypted protocol (http://, ftp://, ws://)

Bug 1310447 comment 7 outlines our team's current decision on this: We will not show additional text in the URL bar, since the user will get a much more efficient insecure login warning when they try to use a login form on that page. The "Not Secure" text does not add any additional value in our opinion. We want to avoid adding unnecessary elements that clutter the URL bar (even more so with the refresh that focuses on gaining simplicity instead of adding complexity).

The bug is not closed yet, because this decision could be reconsidered in the future. For now, we're not doing it.

> * to show a green padlock without a text if DNSSEC/DANE stapling is valid (bug 672600, a MOSS project is working on it)
> * to show a blue padlock with a blue Name for EV certificates (but green padlock + green text if DNSSEC/DANE stapling is valid)
(let EV green, as long as DNSSEC/DANE Stapling (bug 672600) is not implemented, but change it then)

I generally agree that DNSSEC/DANE sounds very exciting and we should probably think about how we can support it UI-wise, but really, there is a lot to consider for this and the general UI refresh will be a big project on its own. Feel free to make new bugs in the Security component for DNSSEC/DANE UI highlighting, so that we're able to discuss this separately.

I do not mean to shut down your (very interesting) ideas, just to say that they're not in scope for the UI refresh and that changing the identity indicators is always a delicate topic :)
Depends on: 1350210

Updated

a month ago
Summary: [meta] Firefox visual refresh → [meta] Photon - Firefox visual refresh

Comment 8

29 days ago
Firefox on Android needs a visual refresh too, perhaps with some Material Design and better integration with the Android system.

Comment 9

28 days ago
(In reply to uncertainquark from comment #8)
> Firefox on Android needs a visual refresh too, perhaps with some Material
> Design and better integration with the Android system.

This has been in discussion for a matter of years. See bug 1074220
(In reply to uncertainquark from comment #8)
> Firefox on Android needs a visual refresh too, perhaps with some Material
> Design and better integration with the Android system.

This is being worked on. No bugs filed quite yet but the goal is to have a consistent look across Firefox Browsers ( Android, iOS, Desktop )

Updated

27 days ago
Depends on: 1351268

Updated

25 days ago
No longer depends on: 1351268

Comment 11

25 days ago
For the complete UI rewrite for a non-XUL Firefox, please have these in mind (for your technical design decisions) to have it easy to implement in the future:
* theme-color meta tag support like Chrome Mobile/Vivaldi (https://bugzilla.mozilla.org/buglist.cgi?quicksearch=theme-color)
* scrollbar styles like webkit, as it wasn't possible with XUL: bug 77790

(In reply to Johann Hofmann [:johannh] from comment #7)
> Feel free to make new bugs in the Security component for DNSSEC/DANE UI highlighting, so that we're able to discuss this separately.
bug 1351684 with a suggestion image
> I do not mean to shut down your (very interesting) ideas, just to say that
> they're not in scope for the UI refresh and that changing the identity
> indicators is always a delicate topic :)
But please overthink currenty thoughts about showing the word "Secure" as people couldn't notice the diffence to EV certificates in thoughtless moments. People are already complaining about Letsencrypt certificates for phishing sites as Chrome shows the pseudo EV certificate owner named "Secure". HTTPS for a phishing site is technically a "Secure" connection, sure, but we shouldn't overvalue HTTPS. Even if phishing sites had DNSSEC/DANE Stapling at some time, it wouldn't be good to show the word "Secure". Firefox hasn't something like a click-to-play for javascript, so websites can't be "Secure". "Secure" could be an OV-validated certificate with OCSP Must staple and with strong Content-Security-Policy - at the moment. As you say:
> We want to avoid adding unnecessary elements that clutter the URL bar

Updated

24 days ago
Depends on: 1256754

Updated

24 days ago
Depends on: 1352356
(In reply to bugzilla from comment #11)
> But please overthink currenty thoughts about showing the word "Secure" as
> people couldn't notice the diffence to EV certificates in thoughtless
> moments. People are already complaining about Letsencrypt certificates for
> phishing sites as Chrome shows the pseudo EV certificate owner named
> "Secure". HTTPS for a phishing site is technically a "Secure" connection,
> sure, but we shouldn't overvalue HTTPS. Even if phishing sites had
> DNSSEC/DANE Stapling at some time, it wouldn't be good to show the word
> "Secure". Firefox hasn't something like a click-to-play for javascript, so
> websites can't be "Secure". "Secure" could be an OV-validated certificate
> with OCSP Must staple and with strong Content-Security-Policy - at the
> moment.

You might be relieved to hear that we're not interested in showing "Secure" for HTTPS sites, mostly for the reasons that you're stating. I've seen this in some mockups that are floating around but that was early WIP and not coordinated with the security team.

Updated

24 days ago
No longer depends on: 1256754

Updated

24 days ago
Depends on: 1196266

Updated

24 days ago
No longer depends on: 1344917

Updated

24 days ago
No longer depends on: 1344910

Updated

24 days ago
No longer depends on: 1344907

Updated

24 days ago
Depends on: 1352361

Updated

24 days ago
Depends on: 1352366

Updated

22 days ago
Flags: qe-verify-
Priority: P3 → --

Updated

13 days ago
Depends on: 1355455
Comment hidden (off-topic)

Updated

12 days ago
Depends on: 1173732
(In reply to marczellm from comment #13)
> Why is the visual refresh even necessary? In my user-perspective the
> Australis look just stabilized like "yesterday" when bug 734326 got fixed.
> Seems like bikeshedding to me.

Sorry, this is a tracking bug and not a discussion platform. Please take that concern to an appropriate mailing list or user forum. Note that a significant chunk of the people involved in this are Firefox peers, so it's unlikely your arguments will be able to stop the project. We do, however, appreciate ideas and constructive feedback (but please not in this specific bug).

Updated

12 days ago
Depends on: 1355764

Updated

12 days ago
Depends on: 1185482

Updated

12 days ago
Depends on: 1355767

Updated

12 days ago
No longer depends on: 1349552

Updated

12 days ago
No longer depends on: 1349555

Updated

12 days ago
No longer depends on: 1355764

Updated

12 days ago
No longer depends on: 1173732

Updated

12 days ago
No longer depends on: 1185482

Updated

12 days ago
No longer depends on: 1347543

Updated

11 days ago
Depends on: 1356202

Updated

11 days ago
No longer depends on: 1356202

Updated

11 days ago
Whiteboard: [photon] → [photon-visual]

Comment 15

10 days ago
(In reply to Jeff Griffiths (:canuckistani) (:⚡︎) from comment #0)
> We're investigating a visual refresh of Firefox this year, this bug tracks
> that work.

Is there a place where this is being discussed, with images?
Depends on: 1351268

Updated

5 days ago
Depends on: 1357858

Updated

5 days ago
Depends on: 1357863
No longer depends on: 1357858
No longer depends on: 1357863
You need to log in before you can comment on or make changes to this bug.