Closed Bug 1384567 Opened 7 years ago Closed 7 years ago

Add a privacy preference for accessibility

Categories

(Firefox :: Settings UI, enhancement)

enhancement
Not set
normal

Tracking

()

VERIFIED FIXED
Firefox 57
Tracking Status
firefox57 --- verified

People

(Reporter: jimm, Assigned: jimm)

References

Details

(Whiteboard: aes+)

Attachments

(3 files, 6 obsolete files)

We're detecting a long list of obscure and some not so obscure 3rd party Windows applications that use accessibility to snoop on user activity. We want to cut down on this by better communicating when a11y is active. This bug is about adding a new section under preferences -> privacy that displays a11y active state and provides a switch to force accessibility off.
See Also: → 1383051
Assignee: nobody → jmathies
See Also: → 1384672
Attached patch wip (obsolete) — Splinter Review
Attached image privacy prefs.jpg (obsolete) —
Attached patch patch v.1 (obsolete) — Splinter Review
felipe, I'm not sure who to ask for reviews in preferences. Can you review this? I probably need a ux approval as well.
Attachment #8890553 - Attachment is obsolete: true
Attachment #8890558 - Flags: review?(felipc)
Comment on attachment 8890558 [details] [diff] [review]
patch v.1

I'll redirect to Jared. He's been overseeing all the work into the new Preferences re-org.
Attachment #8890558 - Flags: review?(felipc) → review?(jaws)
Hi Michelle, can you review the language here? This screenshot[1] shows how it would look. Personally I think we should include some more text about why this may be privacy-related.

[1] https://bugzilla.mozilla.org/attachment.cgi?id=8890556
Flags: needinfo?(mheubusch)
@jaws I agree that there is more copy needed to explain this, but I also think we need to put changes to the preferences section thru some sort of governance process.  I'll NI Tina and Cindy here and will also raise with legal during my weekly content review meeting - they have a lot invested in the language and structure of this page of prefs.
Flags: needinfo?(mheubusch) → needinfo?(chsiang)
Flags: needinfo?(thsieh)
Thanks for taking this up! One additional item I thought of, it might be nice to have a link in this section to the about:support accessibility section. We plan to add the program name there in bug 1384672.
Comment on attachment 8890558 [details] [diff] [review]
patch v.1

Review of attachment 8890558 [details] [diff] [review]:
-----------------------------------------------------------------

I'm gonna clear review for now until we get the UI/UX questions answered. Please flag me for review once we get responses and/or a new patch.
Attachment #8890558 - Flags: review?(jaws)
My understanding is that there will be discussions over a call this/ next week. Clearing this ni for now.
Flags: needinfo?(chsiang)
current proposal:

move to: "privacy and security", "browsing"
text: "Allow access to Firefox by assistive technologies. Lean more"
Jim,

Just to follow up: are we still going to add a "Learn more" link along with the checkbox? Would it point to a new support page (that we do not have as of yet afaik) that will have the link to the about:support accessibility section?
(In reply to Yura Zenevich [:yzen] from comment #11)
> Jim,
> 
> Just to follow up: are we still going to add a "Learn more" link along with
> the checkbox? Would it point to a new support page (that we do not have as
> of yet afaik) that will have the link to the about:support accessibility
> section?

I'd prefer a learn more link that goes to a sump article, and that article might mention the about:support info as a way of discovering what application requested access.
s/sump/sumo
Proposed copy for setting in Options>Privacy and Security

[ ] Give accessibility services permission to access your browser. Learn more


(@jonisavage - we can add this need for content to our discussion next week)
Flags: needinfo?(jsavage)
Note - we are adding one string/setting and changing a word in the existing string above it, (because we want to improve it while we are looking at it). 

here is the string: 
Allow accessibility services to access your browser. Learn more

Learn more links to a forthcoming SUMO article (see blocking bug 1392753) 

Here is the change to the other string:

Alert you when websites try to install add-ons

Note we are changing from "Warn" to "Alert" and I don't know if this will require a change in l10n.  


Attached for reference is the wireframe for the Permissions portion with the additional setting.
Flags: needinfo?(thsieh)
(In reply to mheubusch from comment #15)
> Note we are changing from "Warn" to "Alert" and I don't know if this will
> require a change in l10n.  

Yes, that will require a change in l10n but that is OK.
Attached image implementation (obsolete) —
Attachment #8890558 - Attachment is obsolete: true
Attached patch patch v.1 (obsolete) — Splinter Review
Attachment #8900789 - Flags: review?(jaws)
Comment on attachment 8900789 [details] [diff] [review]
patch v.1

sorry, just realized the checkbox state needs to be reversed.
Attachment #8900789 - Flags: review?(jaws)
Attached image implementation
Attachment #8900787 - Attachment is obsolete: true
Attachment #8900789 - Attachment is obsolete: true
Attached patch patch v.1 (obsolete) — Splinter Review
Attachment #8900813 - Flags: review?(jaws)
Comment on attachment 8900813 [details] [diff] [review]
patch v.1

Review of attachment 8900813 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/components/preferences/in-content-new/privacy.xul
@@ +668,5 @@
>    </hbox>
> +
> +  <vbox id="a11yPermissionsBox">
> +    <description flex="1">
> +      <checkbox id="a11yOptionsCheckbox" label="&a11yOptions.checkbox1.label;"

Please rename this ID to "a11yPrivacyCheckbox"

::: browser/locales/en-US/chrome/browser/preferences/privacy.dtd
@@ +114,5 @@
>  <!ENTITY  browserContainersSettings.label        "Settings…">
>  <!ENTITY  browserContainersSettings.accesskey    "i">
> +
> +<!ENTITY  a11yOptions.checkbox1.label   "Prevent accessibility services from accessing your browser">
> +<!ENTITY  a11yOptions.learnmore.label   "Learn more">

Please change these entity names as follows:

allyOptions becomes a11yPrivacy
checkbox1 becomes checkbox

And then please place the a11yPrivacy.checkbox.accesskey next to the label (in other words, don't put the "Learn more" text between them).
Attachment #8900813 - Flags: review?(jaws) → review+
Flags: needinfo?(jsavage)
Attached patch patch v.2Splinter Review
updated per comments
Attachment #8900813 - Attachment is obsolete: true
Attachment #8901309 - Flags: review+
Keywords: checkin-needed
Flags: qe-verify?
Blocks: 1392753
No longer depends on: 1392753
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1704a6f949af
Add a checkbox in preferences to control accessibility access. r=jaws, ui=mheubusch
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/1704a6f949af
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 57
I have reproduced this bug with Nightly 56.0a1 (2017-07-26) in Windows 10 (64-bit).

This bug's fix is verified with latest Nightly 57.0a1 (64-bit).
 
Build ID   :   20170827100428
User Agent :   Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

[bugday 20170823]
Apologies if I missed it being discussed, but this pref requires a restart to apply, no?

Once it has been toggled can we please inform the user of this?

As someone who does frequent user support it is a common frustration and misdirection when a user reports they have followed an instruction but the pref is not truly applied (notably hardware acceleration). So I hope we can get out in front of this.
Flags: qe-verify? → qe-verify+
QA Contact: camelia.badau
I've tested on Windows 7 x64 , macOs 10.13 and Ubuntu 16.04 using Firefox 57 Beta 8 (en-US, ar, de Firefox builds - on Windows), buildID: 20171013042429: 
- the privacy preference for accessibility is displayed under Privacy & Security tab -> Permissions section
- the text is: "Prevent accessibility services from accessing your browser"
- the "Learn More" link is displayed -> "https://support.mozilla.org/de/kb/accessibility-services" page
- if the preference is toggled, the restart doorhanger is displayed
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.