Stop prompting for the DNS permission, the message is alarming and confusing, brings little to no security benefit
Categories
(WebExtensions :: Frontend, enhancement)
Tracking
(firefox74 fixed, firefox75 fixed)
People
(Reporter: remtanmajitenshi, Assigned: zombie)
References
Details
(Keywords: ue)
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
UI request for https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/dns is confusing enough in English and even worse in Russian translation (maybe in other languages too).
English version: "Access IP address and hostname information".
Russian version: "Доступ к информации об IP-адресе и имени компьютера", literal translation of which is something like: "Access to information about IP-address and name of computer".
Many users think that it is about their computer name (like "John's PC") and their IP-adress, while this permission is about resolving internet domains. See recent 1-star reviews of uBlock Origin that requires this permission in new version (1.25.0): https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/
English examples:
Ask for your IP and device name in last update, unacceptable. Looks like another good ad blocker gone astray. RIP. Deleting (PS: they started 5star upvoting their changes rapidly after this privacy invasion, beware)
Used to be pretty great... but the latest update, as you may have noticed, asks for your IP address and computer name. You are NOT getting that information. I'll find a new adblocker.
This ad-blocker was great UNTIL the latest update, asking for my IP address and hostname. The whole point of an ad-blocker is to limit my information from being sold. And now the ad-blocker is selling my information.
DO NOT INSTALL THIS ADD-ON, it will steal private information from your device(s). There is absolutely no reason for this add-on to need your IP address and hostname.
Why the hell do you need my ip and my computer name?
What for ip and computer name? HELLO, WHAT ARE U DOING. HELLO?
IP address and computer name? What for?!
Wording of permission request should be more clear and state that it is about web/internet domains/hostnames.
|
||
Comment 1•4 years ago
|
||
(In reply to Qwerty from comment #0)
confusing enough in English and even worse in Russian translation (maybe in other languages too).
After a quick look at some other translations, I don't see how other languages could do much better given the original English string. It seems your problem is with it, so I'm editing the summary and triaging accordingly.
If you'd like to submit a suggestion for a better Russian translation, you should be able to do so below:
https://pontoon.mozilla.org/ru/firefox/all-resources/?string=176403
|
||
Comment 3•4 years ago
|
||
Jorge, can we get a new string for this? It's causing some confusion now that uBlock Origin is using it.
|
|
||
Updated•4 years ago
|
|
||
Comment 4•4 years ago
|
||
Or consider just dropping the prompt altogether?
|
||
Comment 5•4 years ago
|
||
(In reply to Andrew Swan [:aswan] from comment #4)
Or consider just dropping the prompt altogether?
yeah it seems at least worth considering.
I'm adding a needinfo assigned to Philipp to double-check how he feels about this alternative option.
|
||
Comment 6•4 years ago
|
||
I second the motion of dropping this permission from the list of required on update. I don't think this one is particularly risky.
I assume we still need a better string for it, though. How about something like "Request IP addresses of web servers"?
|
||
Comment 7•4 years ago
•
|
||
What happens with updates if the user doesn't accept the permission? (e.g. by simply clicking another tab!) (See second part of bug 1617873) I understand the current update is blocked but are users left behind or is there a way to recover?
|
Assignee | |
Comment 8•4 years ago
|
||
It should stay at the top of the firefox hamburger menu. Obviously not ideal, but UX couldn't come up with a better compromise.
(In reply to Jorge Villalobos [:jorgev] (he/him) from comment #6)
I assume we still need a better string for it, though. How about something like "Request IP addresses of web servers"?
We either prompt for a permission, or have no permission string. Don't think we present permissions without strings anywhere across AMO or about:addons.
|
|
Assignee | |
Comment 9•4 years ago
|
||
|
||
Updated•4 years ago
|
|
||
Comment 10•4 years ago
|
||
Pushed by tjovanovic@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7210a39affab Remove DNS permission prompt string, stop prompting r=mixedpuppy
|
|
Assignee | |
Comment 11•4 years ago
|
||
Comment on attachment 9129136 [details]
Bug 1617861 - Remove DNS permission prompt string, stop prompting
Beta/Release Uplift Approval Request
- User impact if declined: Users are alarmed from the confusing permission message when updating uBlockOrigin, with little to no security benefit. See quotes and links from bug 1617876 comment 0.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): A purely declarative change, lack of permission string automatically skips the prompt and grants it.
- String changes made/needed: Removed a localized string from future use.
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 12•4 years ago
|
||
| bugherder | ||
|
||
Comment 13•4 years ago
|
||
Comment on attachment 9129136 [details]
Bug 1617861 - Remove DNS permission prompt string, stop prompting
Low risk and clears up confusion for end users, uplift approved for 74 beta 9, thanks.
|
||
Comment 14•4 years ago
|
||
| bugherder uplift | ||
|
||
Updated•2 years ago
|
Description
•