Closed Bug 1740828 Opened 3 years ago Closed 3 years ago

Improve UI to clarify difference between cross site tracking cookies and cross site cookies option

Categories

(Core :: Privacy: Anti-Tracking, enhancement, P2)

Firefox 94
enhancement

RESOLVED FIXED
97 Branch
Tracking Status
firefox97 --- fixed

People

(Reporter: CobraAustria.gov, Assigned: bvandersloot)

Details

Attachments

(2 files)

Under:
Settings > Privacy and Security > Enhanced Tracking Protection > Custom
Choose which trackers and scripts to block.
Cookies > (there are two options, they sound the same so what the hell is the difference?)
1: cross site tracking cookies - including social media cookies
2: cross site cookies - including social media cookies

From my understanding, when I use either 1 or 2 I don't understand what's the difference.
This description lacks explanation.

Does one of the settings include the other one? For example if I use
(1: cross site tracking cookies - including social media cookies)
Does that mean I block cross site tracking cookies and cross site cookies or does it mean I only block cross site tracking cookies without blocking cross site cookies??

Or when I use (2: cross site cookies - including social media cookies)
Does that mean I block cross site cookies without cross site tracking cookies or both??

Honestly this is so dumb, really the dev team should fix this tiny but stupid issue.

PLEASE CHECK THE SCREENSHOT ATTACHED BELOW!

This is not clear text, for sure (we've argued internally). In fact I myself was confused about which setting I wanted just last week.

The one that says "tracking cookies" only blocks tracking cookies (including social media as a subset of "tracking"). But it DOES block them. [for devs: this option corresponds to an internal cookieBehavior setting of 4.]

"cross site cookies - including social media cookies" turns on the "Total Cookie Protection" feature. Honestly we should just label it that! Doesn't explain anything, but at least there would be a feature name people could go look up. [Corresponds to internal cookieBehavior 5.] This setting doesn't actually "block" cookies, it segregates them into isolated worlds, so when you're on CNN.com a tracker can set one value, and when you're on foxnews.com that same tracker domain will get a different value and think those are two separate people. This applies to ALL "3rd party" cookies, not just the ones we've identified as tracking cookies. It still frustrates tracking--including by trackers we haven't found yet--but breaks fewer sites than full 3rd-party cookie blocking.

Status: UNCONFIRMED → NEW
Type: defect → enhancement
Component: Security → Privacy: Anti-Tracking
Ever confirmed: true
Product: Firefox → Core
Summary: What's the difference between cross site tracking cookies and cross site cookies option? → Improve UI to clarify difference between cross site tracking cookies and cross site cookies option
Severity: -- → S3
Priority: -- → P3
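
A simplified model of the two settings, following the wording the thread settles on: listed trackers are blocked under both, and other cross-site cookies are shared under 4 but keyed by top-level site under 5. This is an added example, not Firefox code; the hosts, the tracker list, and the class and function names are constructed for illustration.

```javascript
// Simplified model, not Firefox code. 4 and 5 are the cookieBehavior values
// quoted in the thread; hosts and the tracker list are constructed samples.
const BLOCK_TRACKERS = 4;
const BLOCK_TRACKERS_AND_ISOLATE = 5;
const KNOWN_TRACKERS = new Set(["tracker.example"]); // constructed blocklist

class CookieJar {
  constructor(behavior) {
    this.behavior = behavior;
    this.store = new Map(); // storage key -> cookie value
  }

  // Storage key for a cookie host loaded under a top-level site,
  // or null when the cookie is blocked outright.
  // Assumption: "cross-site" is modelled as plain host inequality.
  keyFor(topSite, cookieHost) {
    if (topSite === cookieHost) return cookieHost; // first-party, untouched
    if (KNOWN_TRACKERS.has(cookieHost)) return null; // blocked under 4 and 5
    if (this.behavior === BLOCK_TRACKERS_AND_ISOLATE) {
      return `${cookieHost}^${topSite}`; // one isolated jar per top-level site
    }
    return cookieHost; // behavior 4: unlisted hosts share one jar everywhere
  }

  // An embedded resource reads its ID cookie, setting a fresh one if absent.
  visit(topSite, cookieHost) {
    const key = this.keyFor(topSite, cookieHost);
    if (key === null) return null;
    if (!this.store.has(key)) this.store.set(key, `id-${this.store.size + 1}`);
    return this.store.get(key);
  }
}

// IDs a cookie host observes when embedded on each top-level site in turn.
function idsSeenBy(behavior, cookieHost, topSites) {
  const jar = new CookieJar(behavior);
  return topSites.map((site) => jar.visit(site, cookieHost));
}

const sites = ["news-a.example", "news-b.example"];
for (const behavior of [BLOCK_TRACKERS, BLOCK_TRACKERS_AND_ISOLATE]) {
  console.log(behavior, "listed:", idsSeenBy(behavior, "tracker.example", sites));
  console.log(behavior, "unlisted:", idsSeenBy(behavior, "unlisted.example", sites));
}
```

The unlisted host is the case that separates the two settings: under 4 it sees the same ID on both sites, under 5 it sees two unrelated IDs.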

Bumping to P2 since we're rolling out TCP to Firefox release, we want to make it easier to understand for users.

Assignee: nobody → bvandersloot
Severity: S3 → N/A
Priority: P3 → P2
Status: NEW → ASSIGNED

A disclaimer: It's been a bit since I was deep in this work so my understanding of the differences between these nuanced types of protections, and why we've used variations in the language between the standard/strict/custom modes is a bit fuzzy. Accuracy checks on my proposals here are needed and welcome.

I don't think introducing Total Cookie Protection is the right call since, to your point, this won't explain anything, and the "All cookies (will cause some websites to break)" option at the bottom of that dropdown list in Custom could be conflated with "Total Cookie Protection" (All/Total are pretty similar). No great solution here, and whatever we do is a copy band-aid, but here are two suggestions:

Option 1. Drop mention of "social media cookies" in Custom mode. We lose the parallelism with Standard and Strict mode but maybe it is a safe assumption that anyone using Custom understands that "social media cookies" are a subset of tracking cookies. This option would look like this:

Custom
Choose which trackers and scripts to block.
1: Cross-site tracking cookies
2: Cross-site tracking cookies, and isolate other cross-site cookies
... no changes to remaining options...

Option 2. Update all modes to simplify and align across modes, making "social media trackers" a proper subset throughout. Allows us to simplify and align but may not be technically accurate.

Standard mode:
Firefox blocks the following:

  • Cross-site tracking cookies (includes social media trackers)
  • Cross-site cookies in Private Windows
  • Tracking content in Private Windows
  • Cryptominers
  • Fingerprinters

Strict mode:
Stronger protection, but may cause some sites or content to break.
Firefox blocks the following:

  • Cross-site tracking cookies (includes social media trackers)
  • Cross-site cookies in all windows
  • Tracking content in all windows
  • Cryptominers
  • Fingerprinters

Custom
Choose which trackers and scripts to block.
1: Cross-site tracking cookies (includes social media trackers)
2: Cross-site cookies in all windows
... no changes to remaining options...

Flags: needinfo?(dveditz)

(In reply to Meridel [:meridel] from comment #3)

> A disclaimer: It's been a bit since I was deep in this work so my understanding of the differences between these nuanced types of protections, and why we've used variations in the language between the standard/strict/custom modes is a bit fuzzy. Accuracy checks on my proposals here are needed and welcome.

> No great solution here, and whatever we do is a copy band-aid...

This was the consensus of our team as well.

We also discussed a few options in our meeting and didn't come to a change we thought was best.

I'm partial to Option 1. I believe it is reasonable that anyone in Custom mode will infer that social media trackers are in the set of tracking cookies blocked. Especially given the context and parallelism of structure that still exists with Standard and Strict text (i.e. blocking and isolation options).

Thanks Meridel!

Short term (for this bug) I suggest we go with option #1. It makes the difference between the cookie behaviors easier to understand.
"isolate" is a very technical word, but I expect users who use the custom category to be power-users who are more familiar with technical language. After all, currently the cookie drop-down (together with the checkbox) already maps to the 5 cookie behavior pref states, which are quite complex.

Long term we should consider changing this UI surface in general to align more with our new protections. It should not focus so much on tracker blocking. Overall we could simplify it, e.g. not mention all the different tracker categories explicitly. However this is out of scope for this bug.

I prefer Option 1, as well, because it is more minimal changes. Mike, are you in agreement?

I agree with your ideas for this surface, Paul. I had a conversation with Johann about this before he left - the need to move away from talking about individual protections. If this work gets prioritized for next year by PM, I would be happy to get someone staffed from content design so this gets the attention it needs.

I like Option #1 -- it is completely clear to me what it means. Or at least, I am confident rather than confused. I interpret the wording to mean: tracking cookies are blocked (not sent), and other cookies are partitioned ("isolated"). Hopefully that's actually what the feature does :-)

I like where you're going with Option #2, but I still hate that it reads as "Firefox blocks.... cross-site cookies". That wording doesn't fix the problem this bug was filed about: We don't block them, we isolate them. Maybe there's a way to re-word the heading, but you might have to move the verb into each item:

In Standard mode Firefox will:

  • Block cross-site tracking cookies (includes social media trackers)
  • Isolate cross-site cookies in Private Windows
  • Block tracking content in Private Windows
  • Block Cryptominers
  • Block Fingerprinters

... but I'm sure the current design was to avoid repeating that word over and over so I don't have a good alternative to offer.

Flags: needinfo?(dveditz)

Thanks, Dan. Yep, the current content design of the ETP section was all framed around the concept of blocking, not isolating. The entire section needs revised to reflect our new offerings. I spent a good amount of time trying to wrestle the isolation aspect into current structure, and ended up with options like what you propose, concluded a redesign is needed, but a redesign was not in scope. At this point in time, I think we should go with option 1. It's an incremental improvement during a transitional time and people seem okay with it.

Mike, can you review/sign off?

Flags: needinfo?(mconca)

Let's proceed with option #1. It is the best band-aid for now, until we can devote focused time and effort into solving the larger UX issue around privacy protections.

Flags: needinfo?(mconca)
Pushed by bvandersloot@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4f1bde7bc105 Improve UI to clarify difference between cross site tracking cookies and cross site cookies option, r=pbz,flod,fluent-reviewers,preferences-reviewers

Thank you. This backout occurred because I had not submitted changes to Phabricator requested in the review and made locally.

Flags: needinfo?(bvandersloot)
Pushed by bvandersloot@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/73e4b0cfbf46 Improve UI to clarify difference between cross site tracking cookies and cross site cookies option, r=pbz,flod,fluent-reviewers,preferences-reviewers
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch