Open Bug 1595550 Opened 6 years ago Updated 3 years ago

Considering add an expiration time to get rid of granted permissions after a period of time

Categories

(Firefox :: Site Permissions, enhancement, P3)

Product:
Firefox
Component:
Site Permissions
Type:
enhancement

Tracking

()

People

(Reporter: tnguyen, Unassigned)

References

Details

This idea comes from when we change the permission model from third party to first party. Then the old granted persistent permission would be incorrect.
It would be useful if we could consider removing the "persistent trusted permission" after a period of time.
One case it also may be helpful, that is some "trusted permission" sites become "vulnerable sites" if the domain owner is changed.

Summary: Considering add an expiration time to get rid of granted permissions after some period of time → Considering add an expiration time to get rid of granted permissions after a period of time
See Also: → 1572461
Component: DOM: Security → Site Permissions
Product: Core → Firefox

Ehsan, do you know if we have other efforts to forget about sites after some period of inactivity?

Flags: needinfo?(ehsan)

(In reply to Anne (:annevk) from comment #1)

Ehsan, do you know if we have other efforts to forget about sites after some period of inactivity?

Not as far as I know.

The closest thing that I can think of is a feature related to ETP which we've been discussing to forget about tracker sites which the user hasn't interacted with now that ETP is on for all users, but I doubt that's really related to what you have in mind?

Flags: needinfo?(ehsan)

Yeah, I was mostly thinking about forgetting about sites the user hasn't interacted with in a long time to reclaim resources, protect the user's data against site ownership changes, and protect the user's privacy in general. (There are different tradeoffs for the various bits of data we store for a given origin, but in general I think this makes sense for non-persistent site data and also for permissions.)

I see. I unfortunately don't know of an existing effort covering that, but I do agree that it is a worthy goal.

Priority: -- → P3

Generally this sounds a little annoying, if at all I would suggest doing this only for permissions that haven't been requested in a while.

That's the proposal, right? To forget about a site after a long period of inactivity so they have to start anew (except for credentials or persistent data) with building a trust relationship with the user.

Cookies and non-persistent site data have this somehow due to quota, but that doesn't exist for permissions. And that could be problematic for some popular service that falls out of favor and the domain changes hands to an attacker. Blocklisting such cases might also do the trick though, but seems good to cover it from several angles.

Ok, yeah, I'm not against the idea of forgetting permissions after some time of inactivity, though I think it should be quite long (i.e. at least a month, maybe more). Some users only open Firefox (or a certain website) every other week or so and shouldn't be punished for it. They also consciously chose to click "Remember this decision" which means they're pretty serious about it.

Yeah, I was thinking six months or so to start and then iterate.

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.