Closed Bug 1478869 Opened 6 years ago Closed 6 years ago

The behavior of block autoplay in the private window

Categories

(Core :: Audio/Video: Playback, enhancement, P2)

enhancement

Tracking

()

VERIFIED FIXED
mozilla63
Tracking Status
firefox63 --- verified

People

(Reporter: alwu, Assigned: daleharvey)

References

Details

Attachments

(2 files, 1 obsolete file)

The current behavior for block autoplay in private window are, 1) prompt won't have the option for "remember this decision" 2) the website would still be affected by the whitelist in the setting page This bug is a open discussion for what behavior the block autoplay should be in the private window.
Blocks: block-autoplay
No longer blocks: delay-autoplay
I browse in Private mode a lot, and it’s been annoying to repeatedly, constantly give YouTube permission to play videos as I open them in new tabs to watch in a queue. Why isn’t my consent saved at least as long as I keep the Private Browsing window open?
Rank: 25
Priority: -- → P3
See Also: → 1477615
I agree the lack of a "Remember this decision" is annoying, especially for block autoplay, because lots of pages play. If there's a fingerprinting concern behind this behavior, it's not very effective, since PB still respects permissions set outside of PB. E.g. I can circumvent this seat-belt by "☑ Remember this decision" on a page outside of PB first, then PB on that page works without a prompt, and presumably there's one more bit to fingerprint me. This problem appears to affect all permissions. E.g. camera/microphone in PB: https://appear.in/testroom345345 If fingerprinting is important, we should close the loophole and not respect persisted permissions at all in PB. Otherwise, we should bring back "Remember this decision". We have a privacy.resistFingerprinting pref. Maybe we could limit this behavior to when that's set?
Flags: needinfo?(jhofmann)
The ideal solution here might be to keep separate permissions for private browsing mode, and then bring back "Remember this decision". Then users can choose, and risk of correlation seems lower, since they can potentially choose different settings in the two modes.
The concern here isn't fingerprinting defense. Private browsing is like a "guest" mode, in that no data is persistently stored when you browse. Use cases include say you're shopping for a gift, and you don't want other users of the computer to know. The other obvious use case, in particular for video, is adult video sites. If we stored a separate permission on disk that persisted between sessions, the list of sites users had specified a permission for would be visible to anyone else who cared to look, which is probably not desirable to some users. I think what we should do here is have a "remember for this PB session" checkbox in PB mode.
Private browsing is not "guest mode", because it remembers permissions and passwords. Treating it as such seems risky, since a "guest" might then access your bank accounts for instance. As for not leaving a trace of browsing, it would seem sensible to not "Remember this decision", but it also seems sensible to leave that as a user choice. I.e. don't "Remember this decision" if you don't want that trace.
With the prevalence of tracking, I find I use private browsing mode more and more for regular perusing of products and articles, so I don't have the last toaster I looked at follow me around the web, or my political views targeted. Mozilla has advertised PB as having stronger protections and going beyond the "local privacy" of Chrome's Incognito mode.
From my perception, Private Mode is a privacy & throwaway mode which additionally offers me to save some settings globally. Options for Private Mode: a) "Allow" could be valid for a whole browsing session (just in Private Mode? Everywhere?). I tend to be against it. b) It could be restricted to "[x] Remember this decision until I leave Private Mode". It's the Private Mode, it should be okay. That would be my favorite for now. c) Radio buttons ("permanently", "until I close Private Mode"). Porn domains could be saved on hard disk. d) A new feature: Allow everything until I close Private Mode. If you visit a huge variety of porn sites, don't want their domains to be saved on hard disk, but also don't want to go to about:preferences and disable this feature globally.
The concern around allowing persisting permissions in private mode is much less about fingerprinting (although Arthur is working on bug 1330467 to make the permission manager consider OAs, which would enable us to solve the problem jib described). It's mostly that our doorhangers do not effectively communicate the meaning and consequences of "Remember this decision" in a private mode context. Users are easily lead into selecting this option, not knowing that their choice will permanently expose part of their private browsing activity on disk and accessible through Firefox preferences. Worse, with block autoplay, "Remember this decision" is actually the default checked choice. If we were to change this I absolutely expect someone to file a bug about this info persisting through private mode. So, I don't see us changing the availability of "remember this choice" in pbmode until we consider pbmode OAs in the permission manager so that the permission is forgotten after pbmode is done. That means this bug is a WONTFIX, I presume? (In reply to Jan-Ivar Bruaroey [:jib] (needinfo? me) from comment #6) > With the prevalence of tracking, I find I use private browsing mode more and > more for regular perusing of products and articles, so I don't have the last > toaster I looked at follow me around the web, or my political views targeted. > > Mozilla has advertised PB as having stronger protections and going beyond > the "local privacy" of Chrome's Incognito mode. Have we? You mean because of Tracking Protection? You can enable Tracking Protection in normal mode and/or use containers, that sounds like a much better alternative to constantly browsing in incognito mode to me.
Flags: needinfo?(jhofmann)
(In reply to Johann Hofmann [:johannh] - slow to respond, digging out of PTO backlog from comment #9) > Worse, with block autoplay, "Remember this decision" is actually the default > checked choice. I would support changing it to off by default in Private Browsing mode. > If we were to change this I absolutely expect someone to file a bug about > this info persisting through private mode. Changing the default in PB mode should address this. > So, I don't see us changing the availability of "remember this choice" in > pbmode until we consider pbmode OAs in the permission manager so that the > permission is forgotten after pbmode is done. That means this bug is a > WONTFIX, I presume? I disagree. By that standard, we should disallow "Save to Pocket" and "Bookmark" in private browsing mode, but we don't. I agree with comment 1 that we've made private browsing annoying to use now, specifically because of block autoplay, and I've heard others mention this to me as well. This bug exists to discuss this, to try to come up with a remedy. We shouldn't close this bug until we have, or have given up coming up with a remedy. > (In reply to Jan-Ivar Bruaroey [:jib] (needinfo? me) from comment #6) > > Mozilla has advertised PB as having stronger protections and going beyond > > the "local privacy" of Chrome's Incognito mode. > > Have we? You mean because of Tracking Protection? Yes. Tracking Protection was launched as a feature of Private Browsing mode only. Later "we separated Tracking Protection from Private Browsing" [1], but we actually strengthened the association by turning it ON by default ONLY in Private Browsing mode. (Firefox 61.0.1 settings w/clean profile: TP: 🔘 Only in private windows) > You can enable Tracking Protection in normal mode and/or use containers, that > sounds like a much better alternative to constantly browsing in incognito mode to me. You are welcome to. But other users, like me, find it easier to use Private Browsing mode selectively than making the bigger decision to enable Tracking Protection for all browsing. Current Firefox defaults encourage our usage pattern, not yours. When I open Private browsing, it introduces itself as "Private Browsing with Tracking Protection" in the heading. Also, many many users think Private Browsing protects them on the internet [2]. Mozilla's efforts in this space appear to be embracing this perception rather than fight it. Therefore, I don't think your narrower definition of Private Browsing squares with most people's perception and everyday use of it. Even I use Private Browsing for "max strength", rather than try to poke engineers on irc to ask whether there's a difference between that and turning Tracking Protection on. [1] https://blog.mozilla.org/firefox/tracking-protection-always-on/ [2] https://latesthackingnews.com/2018/07/15/study-reveals-misconceptions-about-incognito-mode/
(In reply to Jan-Ivar Bruaroey [:jib] (needinfo? me) from comment #5) > Private browsing is not "guest mode", because it remembers permissions and > passwords. Treating it as such seems risky, since a "guest" might then > access your bank accounts for instance. Here's how we market PB mode: https://www.mozilla.org/en-US/firefox/features/private-browsing/ <quote> Browse without a trace Sharing is caring, but that should be your call. Firefox Private Browsing automatically erases your online info like passwords, cookies and history from your computer. So that when you close out, you leave no trace. </quote> You're correct however that (at lease some) permissions added while in PB mode do indeed persist after the PB mode session is finished. When I implemented PB support for EME the advice I got was when in PB mode all "persistent" data stored was to be flushed at the end of the PB session, and recommended way to do this was to just store said data in memory, so it's easy to flush. I think the summary here is you (jib) use PB mode for tracking protection, and so you actually want autoplay-media permission to be persist, whereas that conflicts with the use case I'm trying to protect, where we wouldn't want the permission persisted. (FWIW, I have tracking protection turned on by default in my regular browsing, and it makes the web a lot faster. I'd recommend you do this instead of using PB to get tracking protection.)
Also, cite bug 967812 comment 1: "This is intentional. The permission manager is used for explicit permissions for the website that are directly granted or denied by the user through explicit actions, and therefore we persist them in private browsing mode just like we preserve bookmarks and downloads."
Priority: P3 → P2
Ok, so to summarize, does comment 12 suggest we should offer "Remember this decision" in PB mode? On or off by default?
If it would be kept as it is, Firefox would be less recommendable for porn. It should be fixed before a shield study begins. If it would be permanently stored on hard disk when someone ticks Remember, it would be some somehow unexpected. From a practical standpoint: A default setting in Private Mode should be, that you have to allow Pornhub only once per Private Session. If one wants something exceptional (e.g. uncheck "Remember this decision") it should need another click. For now I would expect that "[x] Remember this decision" is globally in regular browsing, but only for a private session in private browsing (like entries on about:downloads).
Discussed at the block autoplay work week and the decision here was show a prompt in PB mode with a checkbox where remember will remember the permission for session length, with a temporary scope. So we'll need different text for the checkbox.
Assignee: nobody → dharvey
This enables the checkbox to remember the permission in private mode, when in private mode the permission is remembered for that session only, the checkbox is checked by default. Wanted to make sure the strings were the final strings and behaviour was as expected before getting reviews, cheers
Attachment #9001929 - Flags: ui-review?(mliang)
Attachment #9001929 - Flags: feedback?(cpearce)
Comment on attachment 9001929 [details] [diff] [review] 0001-Bug-1478869-Allow-remembering-autoplay-permission-fo.patch The behaviour looks good. Thanks!
Attachment #9001929 - Flags: feedback?(cpearce) → feedback+
The only thing that need to check is the copy "Remember until private mode ends", I just sent the screenshot for copy review and will get back to you soon. Thanks Dale!
Attachment #9001929 - Flags: review?(jhofmann)
Comment on attachment 9001929 [details] [diff] [review] 0001-Bug-1478869-Allow-remembering-autoplay-permission-fo.patch Review of attachment 9001929 [details] [diff] [review]: ----------------------------------------------------------------- Sorry for denying review over a copy issue, but I think we need to reconsider the wording here. The rest looks fine! ::: browser/locales/en-US/chrome/browser/browser.properties @@ +968,4 @@ > autoplay.DontAllow.label = Don’t Allow > autoplay.DontAllow.accesskey = n > autoplay.remember = Remember this decision > +autoplay.remember-private = Remember until private mode ends A couple of issues with this: - "private mode" is only used internally, it's "private browsing mode" in our product. - Please prefer to not use the term "private browsing mode" stand-alone, e.g. instead use "window in private browsing mode". - The message of this string is not correct. The SESSION permission that is set in the private window will be exposed to all windows. (This is what I mean with it's hard for users to understand the consequences). A correct message would be "Remember for this session".
Attachment #9001929 - Flags: review?(jhofmann) → review-
Thanks for the explanation, happy with your suggestion so lets go with it
Attachment #9001929 - Attachment is obsolete: true
Attachment #9001929 - Flags: ui-review?(mliang)
Attachment #9004066 - Flags: review?(jhofmann)
Comment on attachment 9004066 [details] [diff] [review] 0001-Bug-1478869-Allow-remembering-autoplay-permission-fo.patch Review of attachment 9004066 [details] [diff] [review]: ----------------------------------------------------------------- Thank you!
Attachment #9004066 - Flags: review?(jhofmann) → review+
Pushed by dharvey@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/82db30af32a0 Allow remembering autoplay permission for session in private mode. r=johannh
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Verified the behavior of block autoplay in private browsing. "Remember for this session" checkbox is displayed and functional.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: