Closed Bug 1698845 Opened 2 months ago Closed 23 days ago

Update Strings for Standard Mode depending on the cookieBehavior PBM pref

Categories

(Firefox :: Preferences, enhancement, P2)

enhancement

Tracking

()

RESOLVED FIXED
89 Branch
Tracking Status
firefox89 --- fixed

People

(Reporter: johannh, Assigned: timhuang)

References

(Blocks 1 open bug)

Details

Attachments

(4 files)

We need new copy for the "Standard" ETP mode in about:preferences when it has dFPI in PBM.

Arthur, can you get us a new string? The string for ETP is currently "Cross-site tracking cookies" and for dFPI "Cross-site cookies". Maybe something like "All cross-site cookies in private windows"?

Flags: needinfo?(arthur)

Meridel, would you be able to look at this?

Flags: needinfo?(arthur) → needinfo?(mwalkington)

I don't think that we actually need to update the string here? Please see this slide:
https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.g79fcbdcd30_0_8

All bullet points in the ETP section imply that protections will be provided in all windows (normal and private). If a protection is ONLY offered in private windows (like Tracking content), that is called out as an exception. Is that right?

Flags: needinfo?(mwalkington) → needinfo?(arthur)

(In reply to Meridel [:meridel] from comment #2)

I don't think that we actually need to update the string here? Please see this slide:
https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.g79fcbdcd30_0_8

All bullet points in the ETP section imply that protections will be provided in all windows (normal and private). If a protection is ONLY offered in private windows (like Tracking content), that is called out as an exception. Is that right?

Sorry if that wasn't clear, this is the case here. We're adding protections in private mode that non-private windows will not be getting (for now). So we'd like to call this out as an exception.

Currently, in Release, the description for the protection we're offering in Standard mode is "Cross-site tracking cookies", while the description in Strict (and Standard in Nightly) is "Cross-site cookies". An accurate representation of the Standard protections after our changes would be:

Cross-site tracking cookies
(All) Cross-site cookies in Private Windows

Though we also discussed whether this distinction was meaningful enough to the average user to warrant a string change at all.

Does that help? Otherwise feel free to ping me on Slack :)

Flags: needinfo?(arthur) → needinfo?(mwalkington)

Ah, I think I missed what the latest plan was for roll-out. Do I have this right?

  • "Cross-site cookies" is the string that represents dFPI protections.
  • In Release, dFPI is now available in all windows in Strict mode and in Custom
  • We are now going to offer dFPI in Standard mode, too, but only for private windows

If I have this right, the new string for Standard mode should be: Cross-site cookies in Private Windows only

I am a bit confused, however, because I thought the plan was to offer dFPI in all windows, and this is what I see reflected in Nightly now.

Flags: needinfo?(mwalkington) → needinfo?(jhofmann)

(In reply to Meridel [:meridel] from comment #4)

Ah, I think I missed what the latest plan was for roll-out. Do I have this right?

  • "Cross-site cookies" is the string that represents dFPI protections.
  • In Release, dFPI is now available in all windows in Strict mode and in Custom
  • We are now going to offer dFPI in Standard mode, too, but only for private windows

If I have this right, the new string for Standard mode should be: Cross-site cookies in Private Windows only

You have this right and thanks for the updated string. Did you consider "All Cross-site cookies in Private Windows" instead of "Cross-site cookies in Private Windows only"? I feel like "only" is giving this a bit of a negative connotation and the word "All" could help the user distinguish between "Cross-site cookies" and "Cross-site tracking cookies".

I am a bit confused, however, because I thought the plan was to offer dFPI in all windows, and this is what I see reflected in Nightly now.

Yeah, it is offered in Standard Mode in Nightly only, for the extra test coverage. In Beta and Release it's not in Standard :)

Flags: needinfo?(jhofmann) → needinfo?(mwalkington)

I am not sure why I added the "Only" there— it's not necessary! I think the options are:

  1. Cross-site cookies in Private Windows
  2. All cross-site cookies in Private Windows

If we go with option 2, we should update the strings in Strict and Custom modes, too:
Strict: All cross-site cookies
Custom: All cross-site cookies, includes social media cookies

To make a decision, can you help me understand something? For the other protections — Social media trackers, CryptominersFingerprinters— we don't say "All" in those cases because we are not in fact providing protection against ALL social media trackers, crytominers, and fingerprints...is that right? But we ARE protecting against all cross-site cookies.

Flags: needinfo?(mwalkington) → needinfo?(jhofmann)

(In reply to Meridel [:meridel] from comment #6)

I am not sure why I added the "Only" there— it's not necessary! I think the options are:

  1. Cross-site cookies in Private Windows
  2. All cross-site cookies in Private Windows

If we go with option 2, we should update the strings in Strict and Custom modes, too:
Strict: All cross-site cookies
Custom: All cross-site cookies, includes social media cookies

To make a decision, can you help me understand something? For the other protections — Social media trackers, CryptominersFingerprinters— we don't say "All" in those cases because we are not in fact providing protection against ALL social media trackers, crytominers, and fingerprints...is that right? But we ARE protecting against all cross-site cookies.

Yes, for this one it's safe to claim protection* against all cross-site cookies, this is the good stuff :)

* to be more precise, this isn't blocking cross-site cookies like old ETP but instead isolating them, eliminating the "cross-site" aspect rather than the "cookies" aspect, which is essentially as good as blocking but with less compat issues

Flags: needinfo?(jhofmann)

Aha, thank you! Given this note— " which is essentially as good as blocking but with less compat issues"— I think we can safely update the strings to the following:

Standard mode: All cross-site cookies in Private Windows
Strict: All cross-site cookies
Custom: All cross-site cookies, includes social media cookies

Arthur, do you approve of these strings? If so, next steps are legal sign-off on Monday and giving Joni the heads-up for SUMO.

Flags: needinfo?(arthur)
Assignee: nobody → tihuang
Status: NEW → ASSIGNED

It's a bit unclear to me about the standard mode. Should we mention anything about the regular windows? Like, Cross-site tracking cookies, All cross-site cookies in Private Windows. Or we only say All cross-site cookies in Private Windows?

Flags: needinfo?(mwalkington)

Hi Tim, please see my recommendation for strings in the comment above. After much discussion about how to describe this feature in Preferences/Settings, we landed on "cross-site cookies," I believe because the difference between "cross-site tracking cookies" and "cross-site cookies" was not meaningful to most users, and including both only adds confusion.

Note that after discussion with Arthur and Johann, I am recommending a different approach— see slides 34-38: https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.gcdaaa491d5_0_35

Need sign-off from Arthur, and then legal approval, and finally a heads-up to SUMO team.

Flags: needinfo?(mwalkington)

Hey Arthur, I mocked up two options, one with icons and one without. I prefer the option without icons, and using fewer icons aligns with MR1. Please review and advise on which direction you'd like to go.

Slides 34-38: https://docs.google.com/presentation/d/1OWIVLOVyWHmqr385W6KSA_HupFa7m3XfCwmkKJZacBs/edit#slide=id.gcdaaa491d5_0_0

Thanks Meridel! I agree -- I would like to pursue the bullet point solution.

Flags: needinfo?(arthur)
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5bd60206b016
Part 1: Add a new cookie info for the state partitioning in PBM in 'about:preference#privacy'. r=johannh,fluent-reviewers
https://hg.mozilla.org/integration/autoland/rev/acd377dc2593
Part 2: Add a test to check the visibility of the cookie blocking info for state partitioning in PBM. r=johannh
https://hg.mozilla.org/integration/autoland/rev/056d4c1cb948
Part 3: Remove the icons in the content blocking section of `about:preference#privacy` and use the bullet points for standard and strict mode. r=johannh
https://hg.mozilla.org/integration/autoland/rev/2007f7ca1ecd
Part 4: Update the string for the cookie blocking label of dFPI. r=johannh,fluent-reviewers,preferences-reviewers
You need to log in before you can comment on or make changes to this bug.