Closed Bug 1806056 Opened 2 years ago Closed 2 years ago

Enable users to report suspicious site permission add-on prompts

Categories

(Toolkit :: Add-ons Manager, enhancement, P2)

Product:
Toolkit
Component:
Add-ons Manager
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
110 Branch
Tracking Flags:
Tracking Status
firefox109 --- fixed
firefox110 --- fixed

People

(Reporter: bholley, Assigned: bholley)

References

Details

Attachments

(1 file)

Bug 1806056 — Enable users to report suspicious site permission add-on prompts.
48 bytes, text/x-phabricator-request
k88hudson
: data-review+
RyanVM
: approval-mozilla-beta+
Details | Review

When a site wishes to use a dangerous hardware capability like WebMIDI, Firefox prompts the user to install a generated Site Permission Add-On in order to proceed. This consent flow is intended to be scary and high-commitment so that sites can only access the hardware of users that are specifically intending to use that capability.

One problem is that, since Chrome grants this access to all sites without any prompting whatsoever, various non-MIDI-related sites unconditionally request MIDI access in order to fingerprint their users. Because we've made this shady site behavior visible in Firefox, users get a rather bewildering prompt. We've tuned the implementation to explain the situation a little better and automatically deny access when no MIDI devices are connected, but the couple-of-percent of our users that do have connected devices still get interrupted. Early telemetry from Firefox 108 shows about 20,000 bad-faith prompts per day, which is nontrivial.

We have a blocklist mechanism which we already use for one site that was doing this. It would be nice to add other frequently-visited offenders, but we don't have a good way of discovering them, because it would reveal an element of the user's browsing history and we don't do that without permission. But if we provide users with an easy means to share this information voluntarily, we can likely learn the major culprits.

The first screen of the add-on install prompt has a button titled "Don't Allow", with a dropdown menu offering "Never Allow". We can add a second dropdown item entitled "Report Suspicious Site" which has the effect of "Never Allow" plus submitting a telemetry event with the site domain. This is straightforward to do, and allows us to obtain the signal we need to reduce nuisance prompts while respecting user privacy.

Still need to do data review, but might as well get Luca's feedback here.

Severity: -- → N/A
Priority: -- → P2

Comment on attachment 9308631 [details]
Bug 1806056 — Enable users to report suspicious site permission add-on prompts.

Reviewed via data-review@mozilla.org mailing list for category 3 data by nneka and myself.

Attachment #9308631 - Flags: data-review+
Pushed by bholley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cadcf8d9a79e — Enable users to report suspicious site permission add-on prompts. r=rpl,flod

https://hg.mozilla.org/mozilla-central/rev/cadcf8d9a79e

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox110: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 110 Branch
Blocks: 1807852

Comment on attachment 9308631 [details]
Bug 1806056 — Enable users to report suspicious site permission add-on prompts.

Beta/Release Uplift Approval Request

  • User impact if declined: Telemetry shows about 20,000 nuisance prompts per day. We want to identify the sites behind the nuisance prompts in order to blocklist them, but after five days on Nightly we haven't received any non-test reports. Uplifting the reporting capability will accelerate its exposure to a wider set of users and let us identify the problematic sites sooner.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: Bug 1807852
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Adds a new option to an existing dropdown menu, which runs one line of logic (recording a telemetry event) before invoking the same logic as the adjacent menu item.

Exposure of this code is very low. Users only see it if they have MIDI devices, are prompted to use them, and choose to explore the hidden-by-default dropdown.

  • String changes made/needed: One new localizable string added ("Report Suspicious Site"). Given the extremely low expsure it's fine to fall back to english for higher-latency locales.
  • Is Android affected?: No
Attachment #9308631 - Flags: approval-mozilla-beta?

(In reply to Bobby Holley (:bholley) from comment #6)

  • String changes made/needed: One new localizable string added ("Report Suspicious Site"). Given the extremely low expsure it's fine to fall back to english for higher-latency locales.

NI flod for late string uplift review.

Flags: needinfo?(francesco.lodolo)

Comment on attachment 9308631 [details]
Bug 1806056 — Enable users to report suspicious site permission add-on prompts.

Thanks, approved for 109.0b9.

Attachment #9308631 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Depends on: 1812195
See Also: → 1817100
Depends on: 1824812
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: