Update Strings for Standard Mode depending on the cookieBehavior PBM pref
Categories
(Firefox :: Settings UI, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox89 | --- | fixed |
People
(Reporter: johannh, Assigned: timhuang)
References
Details
Attachments
(4 files)
We need new copy for the "Standard" ETP mode in about:preferences when it has dFPI in PBM.
Arthur, can you get us a new string? The string for ETP is currently "Cross-site tracking cookies" and for dFPI "Cross-site cookies". Maybe something like "All cross-site cookies in private windows"?
Comment 1•3 years ago
|
||
Meridel, would you be able to look at this?
Comment 2•3 years ago
|
||
I don't think that we actually need to update the string here? Please see this slide:
https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.g79fcbdcd30_0_8
All bullet points in the ETP section imply that protections will be provided in all windows (normal and private). If a protection is ONLY offered in private windows (like Tracking content), that is called out as an exception. Is that right?
Reporter | ||
Comment 3•3 years ago
•
|
||
(In reply to Meridel [:meridel] from comment #2)
I don't think that we actually need to update the string here? Please see this slide:
https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.g79fcbdcd30_0_8All bullet points in the ETP section imply that protections will be provided in all windows (normal and private). If a protection is ONLY offered in private windows (like Tracking content), that is called out as an exception. Is that right?
Sorry if that wasn't clear, this is the case here. We're adding protections in private mode that non-private windows will not be getting (for now). So we'd like to call this out as an exception.
Currently, in Release, the description for the protection we're offering in Standard mode is "Cross-site tracking cookies", while the description in Strict (and Standard in Nightly) is "Cross-site cookies". An accurate representation of the Standard protections after our changes would be:
Cross-site tracking cookies
(All) Cross-site cookies in Private Windows
Though we also discussed whether this distinction was meaningful enough to the average user to warrant a string change at all.
Does that help? Otherwise feel free to ping me on Slack :)
Comment 4•3 years ago
|
||
Ah, I think I missed what the latest plan was for roll-out. Do I have this right?
- "Cross-site cookies" is the string that represents dFPI protections.
- In Release, dFPI is now available in all windows in Strict mode and in Custom
- We are now going to offer dFPI in Standard mode, too, but only for private windows
If I have this right, the new string for Standard mode should be: Cross-site cookies in Private Windows only
I am a bit confused, however, because I thought the plan was to offer dFPI in all windows, and this is what I see reflected in Nightly now.
Reporter | ||
Comment 5•3 years ago
|
||
(In reply to Meridel [:meridel] from comment #4)
Ah, I think I missed what the latest plan was for roll-out. Do I have this right?
- "Cross-site cookies" is the string that represents dFPI protections.
- In Release, dFPI is now available in all windows in Strict mode and in Custom
- We are now going to offer dFPI in Standard mode, too, but only for private windows
If I have this right, the new string for Standard mode should be: Cross-site cookies in Private Windows only
You have this right and thanks for the updated string. Did you consider "All Cross-site cookies in Private Windows" instead of "Cross-site cookies in Private Windows only"? I feel like "only" is giving this a bit of a negative connotation and the word "All" could help the user distinguish between "Cross-site cookies" and "Cross-site tracking cookies".
I am a bit confused, however, because I thought the plan was to offer dFPI in all windows, and this is what I see reflected in Nightly now.
Yeah, it is offered in Standard Mode in Nightly only, for the extra test coverage. In Beta and Release it's not in Standard :)
Comment 6•3 years ago
|
||
I am not sure why I added the "Only" there— it's not necessary! I think the options are:
- Cross-site cookies in Private Windows
- All cross-site cookies in Private Windows
If we go with option 2, we should update the strings in Strict and Custom modes, too:
Strict: All cross-site cookies
Custom: All cross-site cookies, includes social media cookies
To make a decision, can you help me understand something? For the other protections — Social media trackers, CryptominersFingerprinters— we don't say "All" in those cases because we are not in fact providing protection against ALL social media trackers, crytominers, and fingerprints...is that right? But we ARE protecting against all cross-site cookies.
Reporter | ||
Comment 7•3 years ago
•
|
||
(In reply to Meridel [:meridel] from comment #6)
I am not sure why I added the "Only" there— it's not necessary! I think the options are:
- Cross-site cookies in Private Windows
- All cross-site cookies in Private Windows
If we go with option 2, we should update the strings in Strict and Custom modes, too:
Strict: All cross-site cookies
Custom: All cross-site cookies, includes social media cookiesTo make a decision, can you help me understand something? For the other protections — Social media trackers, CryptominersFingerprinters— we don't say "All" in those cases because we are not in fact providing protection against ALL social media trackers, crytominers, and fingerprints...is that right? But we ARE protecting against all cross-site cookies.
Yes, for this one it's safe to claim protection* against all cross-site cookies, this is the good stuff :)
* to be more precise, this isn't blocking cross-site cookies like old ETP but instead isolating them, eliminating the "cross-site" aspect rather than the "cookies" aspect, which is essentially as good as blocking but with less compat issues
Comment 8•3 years ago
|
||
Aha, thank you! Given this note— " which is essentially as good as blocking but with less compat issues"— I think we can safely update the strings to the following:
Standard mode: All cross-site cookies in Private Windows
Strict: All cross-site cookies
Custom: All cross-site cookies, includes social media cookies
Arthur, do you approve of these strings? If so, next steps are legal sign-off on Monday and giving Joni the heads-up for SUMO.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 9•3 years ago
|
||
It's a bit unclear to me about the standard mode. Should we mention anything about the regular windows? Like, Cross-site tracking cookies, All cross-site cookies in Private Windows
. Or we only say All cross-site cookies in Private Windows
?
Assignee | ||
Updated•3 years ago
|
Comment 10•3 years ago
•
|
||
Hi Tim, please see my recommendation for strings in the comment above. After much discussion about how to describe this feature in Preferences/Settings, we landed on "cross-site cookies," I believe because the difference between "cross-site tracking cookies" and "cross-site cookies" was not meaningful to most users, and including both only adds confusion.
Assignee | ||
Comment 11•3 years ago
|
||
Assignee | ||
Comment 12•3 years ago
|
||
Depends on D111933
Comment 13•3 years ago
|
||
Note that after discussion with Arthur and Johann, I am recommending a different approach— see slides 34-38: https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.gcdaaa491d5_0_35
Need sign-off from Arthur, and then legal approval, and finally a heads-up to SUMO team.
Comment 14•3 years ago
•
|
||
Hey Arthur, I mocked up two options, one with icons and one without. I prefer the option without icons, and using fewer icons aligns with MR1. Please review and advise on which direction you'd like to go.
Slides 34-38: https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.gcdaaa491d5_0_0
Comment 15•3 years ago
|
||
Thanks Meridel! I agree -- I would like to pursue the bullet point solution.
Assignee | ||
Comment 16•3 years ago
|
||
Depends on D111934
Comment 17•3 years ago
|
||
Legal approved the solution on slides 34-36: https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.gd20dd1f01f_0_0
Assignee | ||
Comment 18•3 years ago
|
||
Depends on D112089
Comment 19•3 years ago
|
||
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5bd60206b016 Part 1: Add a new cookie info for the state partitioning in PBM in 'about:preference#privacy'. r=johannh,fluent-reviewers https://hg.mozilla.org/integration/autoland/rev/acd377dc2593 Part 2: Add a test to check the visibility of the cookie blocking info for state partitioning in PBM. r=johannh https://hg.mozilla.org/integration/autoland/rev/056d4c1cb948 Part 3: Remove the icons in the content blocking section of `about:preference#privacy` and use the bullet points for standard and strict mode. r=johannh https://hg.mozilla.org/integration/autoland/rev/2007f7ca1ecd Part 4: Update the string for the cookie blocking label of dFPI. r=johannh,fluent-reviewers,preferences-reviewers
Comment 20•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/5bd60206b016
https://hg.mozilla.org/mozilla-central/rev/acd377dc2593
https://hg.mozilla.org/mozilla-central/rev/056d4c1cb948
https://hg.mozilla.org/mozilla-central/rev/2007f7ca1ecd
Description
•