Heartbeat surveys can be perceived as spoofing content
Categories
(Firefox :: Normandy Client, enhancement, P3)
Tracking
()
People
(Reporter: Harald, Unassigned)
References
Details
Attachments
(1 file)
|
50.61 KB,
image/png
|
Details |
heartbeat-like-spoofing-example.png
We received reports from users that were asking if we are running surveys, referencing prompts that they saw popping up in web content – which felt dubious to them.
The core UX issue causing this is probably that the UI isn't well integrated with Firefox and slides into the content. Are there other options that could be used for prompting that better connect the UI to Firefox?
|
Reporter | |
Comment 1•6 years ago
|
||
Tyler, who would own that component and could look into this? Our UX lead Victoria just saw the survey prompt as well and found it very dated and dangerous looking.
|
||
Comment 2•6 years ago
|
||
Hi Harald, I'm the owner of this component. I agree that the current implementation doesn't look good. Unfortunately making it look better isn't a high priority right now. If you or Victoria have some suggestions I'd be happy to see them. However, changes such as changing the bar to something outside of web content aren't something we have the bandwidth for right now. If there are some easy changes that could help, I can find the time for that though.
|
||
Comment 3•6 years ago
|
||
Hi Mythmon :D!
I'm happy to make suggestions - also I have a small UX contributor army that could be assigned to this, including submitting a patch. (I assume we could contribute CSS to override the current look?)
Is there an easy way to make the banner show up in Nightly?
|
|
||
Comment 4•6 years ago
|
||
That would be great. For simple CSS tweaks, the files to edit are
- https://searchfox.org/mozilla-central/source/toolkit/components/normandy/skin/shared/Heartbeat.css
- https://searchfox.org/mozilla-central/source/toolkit/components/normandy/skin/osx/Heartbeat.css
To make the banner show up on Nightly (or any version, actually) you can follow these steps, which are admittedly a little annoying:
- Start Firefox with a fresh profile
- Install the latest version of the Normandy Devtools
- Click the new green hand-with-wrench icon in the toolbar
- On any of the rows that are labeled "Heartbeat", click the play icon on the far right
That should make a heartbeat dialog pop up. It's important to do this with a fresh profile every time, because Heartbeat has a built-in rate limit of only showing one dialog per day.
|
||
Comment 5•6 years ago
|
||
Just to summarize the survey's team feedback in #ux, please just coordinate that no studies are live when this change goes live on release (to avoid changes to invitations mid-study) and we should run a pre / post study to survey differences in CTR and responses.
|
|
Reporter | |
Comment 6•6 years ago
|
||
Just to confirm what this means for the implementation; changes should be behind a pref so they can roll out as an experiment first and can be flipped (via pref rollout? to be confirmed) when release doesn't run any studies.
|
|
||
Comment 7•6 years ago
|
||
The point of these changes was that they were easy to implement for Victoria's "small UX contributor army". Making those changes as purely CSS makes it much more likely they can get done (though limits the scope). Making these changes controllable by a pref is much more complicated. I'd still take the patch, but I think it is unreasonable to require.
I think that instead, this feature would be riding the trains as normal in 68, without any preference. We can be careful to avoid heartbeats that span between 67 and 68 in Beta and Release, and be careful in Nightly around the time the feature lands. I think that this is a good practice anyways, as splitting a survey across two versions is sure to produce differences mid-study.
|
|
||
Comment 8•6 years ago
|
||
It doesn't necessarily need to be an experiment. Let's say this goes live with Firefox 67. We'd run a pre-change study in 66, and then a post-change study in 67. Then we'd also have to audit recipes that are currently live so that we know there is a hard cut-off between 66 and 67.
Pref flips for this notification seem a bit overkill, though I'd love to run a quick study in Beta. Unless we are doing a more complete overhaul of the notification system, which this doesn't seem to be.
|
|
Reporter | |
Comment 9•6 years ago
|
||
Thanks for clarifying, that simplifies things.
|
|
||
Comment 10•6 years ago
|
||
I've decided to do the UX part myself, due to the importance of integrating into the existing design. The CSS part can be a contributor project. I'll get feedback from my podmates in Desktop UX as well.
Is it possible to use the same colors (background and text) as the Find bar? That would be a great way to associate the banner with the browser.
In some themes, there's the danger of the text not showing up, because the Find bar is white-on-white. (E.g. in this featured theme). This actually seems like a more severe bug which I've filed separately in this bug.
|
|
||
Comment 11•6 years ago
|
||
As of bug 1475094, I believe we automatically match the existing theme. I don't know if we match the find bar, but we match the top are of the browser, both with text and background color.
|
|
||
Comment 12•6 years ago
|
||
Ah, I hadn't seen that bug! The screenshots in there look great. If this landed on 2/25, why didn't I see this on 3/14?
|
|
||
Comment 13•6 years ago
|
||
What release of Firefox were you looking at? Since that landed 2/25, it would have been on Firefox 67, which is still in the Beta channel today. If you were using Release on 3/14 you would have been on Firefox 65, and Dev Edition would have been on 66.
If you were using Nightly on 3/14, then not seeing it would be a bug.
|
|
||
Comment 14•6 years ago
|
||
I'm pretty sure I was using Nightly (I almost never boot up other versions). I should've taken a screenshot, because now I'm not sure what exactly concerned me about the banner. I feel like there was some skeumorphic-looking button that seemed out of place? Or maybe there was a bug related to one of my colorful themes. If the new look from bug 1475094 seems to be working in your tests for 67, however, then maybe there's nothing that needs to be done. I'll keep on the look out for any more user feedback.
|
||
Comment 16•6 years ago
|
||
The point I am trying to make in Bug 154439, is that we cannot distinguish whether this is spoofing or not because the content could mirror the same style as the heartbeat message.
To make it clear that this message is part of the chrome, we should cut the border of the address bar (with a triangle having the same background color), similar to what is done with information & security & extensions popup, or like done with tabs (as seen in this screen shot)
|
|
Reporter | |
Comment 17•6 years ago
|
||
Yes, this is the point of this bug as well. For DevTools it would be solved by prompting in our tools, but this would not help heartbeat in general.
Overhanging triangle solves part of it, at least giving the trust for tech-savy users that understand the "line of death". Fake push notification permission requests show how easy it is to spoof. Maybe there are new ideas in the pipeline about trusted content.
|
||
Updated•3 years ago
|
Description
•