Closed Bug 359107 Opened 19 years ago Closed 19 years ago

suspected forgery Google TOS refusal renders other choices un-reachable (can't change anti-phishing providers without agreeing to a EULA)

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Version:
2.0 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: bugzilla, Assigned: rflint)

References

Details

(Keywords: verified1.8.1.2)

Attachments

(1 file, 3 obsolete files)

Branch patch v3
8.49 KB, patch
Gavin
: review+
jay
: approval1.8.1.2+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 Install 2.0 Open Tools->Options-Security In the suspected forgery section, switch to the second radio button: Check by asking [Google] about each site I visit Refuse Google's terms of service (cancel) popup window. Presumably there are other non-Google options in that popup menu. One cannot reach them without accepting Google's terms of service. That doesn't seem right... Reproducible: Always Steps to Reproduce: see Details. Actual Results: Forcing me to agree to Google's TOS in order to see my other choices is just plain wrong, imho, no matter how much I like Google. Expected Results: I expected to be able to select choices other than Google before clicking the radio button. Or you could make a non-valid default in the popup, and not let me continue without choosing one and agreeing to somebody's TOS.
Actually, Google is the only option in that popup menu. If other vendors offered a compatible service, you could install them as your anti-phishing provider of choice and select them instead of Google. Since there are no other choices right now, the Google TOS comes up right away, because you should obviously agree to the TOS before any data is sent to the provider.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Actually, I think this is valid. As in, the drop down list is populated from values in preferences. So you could install another phishing provider, but can't get to it until you agree to the Google privacy policy. Of course, when installing another phishing provider, the provider could be smart enough to change the drop down pref for you, but I'm not sure we should count on that. And this isn't a major issue right now since there are no other providers . . .
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
I certainly agree it's a non-issue in terms of functionality if Google is the only service provider so far. Seems like a UI issue still, and if it won't work right when there IS a second choice, well, then it turns into a real issue RSN. Obviously it can go on the back burner compared to just about any other (real) issue you guys have flooding in. I'm not going to be so rude as to change the status back on my own, but I don't think it should go off the radar if it's gonna come back to haunt you as soon as another provider steps up. [shrug] Maybe "new" and "lowest possible priority" would be best?
Status: UNCONFIRMED → NEW
Ever confirmed: true
See also bug 340740 comment 1, where I failed to get anyone to listen to exactly this.
*** Bug 359343 has been marked as a duplicate of this bug. ***
OS: Windows XP → All
Hardware: PC → All
Summary: suspected forgery Google TOS refusal renders other choices un-reachable → suspected forgery Google TOS refusal renders other choices un-reachable (can't change anti-phishing providers without agreeing to a EULA)
Version: unspecified → 2.0 Branch
So, I can see exactly how to fix this, by making the <menulist> enabled, and treating a change in it (once there's something to change it to) trigger switching radio buttons and popping the EULA if it's changed to a not-agreed provider, but I'm not touching it until it has UI Czar mandated UI described.
Keywords: uiwanted
Flags: blocking1.8.1.1?
Whiteboard: [Fx 2.0.0.1]
Not blocking 1.8.1.1 as long as there isn't another provider and no motion on a patch. Good thing to have for the branch, though.
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.1?
Flags: blocking1.8.1.1-
Attached patch Patch v1 (obsolete) — Splinter Review
Assignee: nobody → ryan
Status: NEW → ASSIGNED
Attachment #246656 - Flags: ui-review?(mconnor)
Component: Phishing Protection → Preferences
(In reply to comment #6) > So, I can see exactly how to fix this, by making the <menulist> enabled, and > treating a change in it (once there's something to change it to) trigger > switching radio buttons and popping the EULA if it's changed to a not-agreed > provider, but I'm not touching it until it has UI Czar mandated UI described. That would work, though it would be a little unusual to have a UI element activated on an unselected option. I'm not sure if there's another sensible way to do this with instant-apply, though. (Of course, when we get back into the world of multiple providers, then the local list is downloaded from a different source as well, isn't it? That gets us back to the original design for this preference which had the provider listed in the primary checkbox line, and then the radio buttons were options about the "level" of protection.)
Attached patch Branch patch (obsolete) — Splinter Review
Uses the branch-safe approach from comment 6. Also includes a fix for bug 355780.
Attachment #246656 - Attachment is obsolete: true
Attachment #247150 - Flags: ui-review?(beltzner)
Attachment #247150 - Flags: review?(gavin.sharp)
Attachment #246656 - Flags: ui-review?(mconnor)
Comment on attachment 247150 [details] [diff] [review] Branch patch uir=me assuming this is the screenshot you showed me over email
Attachment #247150 - Flags: ui-review?(beltzner) → ui-review+
Flags: blocking1.8.1.2+
Whiteboard: [Fx 2.0.0.1] → [Fx 2.0.0.1] needs review (gavin)
Do we need a different reviewer? Mano? Neil?
Keywords: uiwanted
Attached patch Branch patch v2 (obsolete) — Splinter Review
Cleaned up a few things in the original patch.
Attachment #247150 - Attachment is obsolete: true
Attachment #251848 - Flags: review?(gavin.sharp)
Attachment #247150 - Flags: review?(gavin.sharp)
Attached patch Branch patch v3Splinter Review
Fix a few things spotted by Gavin.
Attachment #251848 - Attachment is obsolete: true
Attachment #251848 - Flags: review?(gavin.sharp)
Comment on attachment 251854 [details] [diff] [review] Branch patch v3 r=me, but I'm a bit curious as to why this is a 1.8.1.x branch blocker. Neither this nor bug 355780 really seem all that serious, especially given that we only have one provider at the moment. I'm not really sure that the benefits of taking this patch on the branch outweigh the risks in this case.
Attachment #251854 - Flags: review+
Whiteboard: [Fx 2.0.0.1] needs review (gavin) → [needs approval]
Attachment #251854 - Flags: approval1.8.1.2?
Comment on attachment 251854 [details] [diff] [review] Branch patch v3 Approved for 1.8 branch, a=jay for drivers. We think this is the right thing to do to be prepared for the future (if we ever work with other partners for phishing protection)... but if others have good reasons why we want this, please share you thoughts. Thanks.
Attachment #251854 - Flags: approval1.8.1.2? → approval1.8.1.2+
Whiteboard: [needs approval] → [checkin needed (1.8 branch)]
Whiteboard: [checkin needed (1.8 branch)] → [checkin needed][checkin needed (1.8 branch)]
mozilla/browser/components/preferences/security.js 1.9 mozilla/browser/components/preferences/security.xul 1.14
Status: ASSIGNED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED
Whiteboard: [checkin needed][checkin needed (1.8 branch)] → [checkin needed (1.8 branch)]
Gavin: Just a reminder to land this on the 1.8 branch when you get a chance. Thanks!
mozilla/browser/components/preferences/security.js 1.3.2.7 mozilla/browser/components/preferences/security.xul 1.5.2.8
Keywords: fixed1.8.1.2
Whiteboard: [checkin needed (1.8 branch)]
verified fixed for 1.8.1.2. Tested with Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.2pre) Gecko/20070126 BonEcho/2.0.0.2pre ID:2007012603 and Linux Fedora FC6
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1.2verified1.8.1.2
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: