Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 374406 - Sandbox is not an easter egg; it's a feature
: Sandbox is not an easter egg; it's a feature
Product: Graveyard
Classification: Graveyard
Component: Public Pages (show other bugs)
: 3.0
: All All
: -- normal
: ---
Assigned To: Nobody; OK to take it and work on it
Depends on: 374654
  Show dependency treegraph
Reported: 2007-03-18 13:02 PDT by Justin Scott [:fligtar]
Modified: 2016-02-04 14:51 PST (History)
18 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Description Justin Scott [:fligtar] 2007-03-18 13:02:37 PDT
I think that the sandbox is far too obscure, unknown, and misunderstood (or not understood at all). The likelihood of someone that may even be a perfect sandbox user candidate figuring out to create an account, log in, click on their email address, find a checkbox that doesn't explain what it does, check it, and notice the one word addition to the header in some places is slim.

I realize that we aren't advocating the sandbox for everyone, but I think that as long as users understand what the sandbox is, they should be fine using it. That's why I think we need to make the sandbox a little easier to figure out.

The idea I have in mind is having a box in some browse location that says something like "Can't find what you're looking for? Learn about the sandbox" or some other sentence with sex appeal that would attract sandbox users. When they click on it, they're taken to a page that explains all about the sandbox. What it is, what they'll find in it, and of course warnings about the content and that sandbox add-ons do not auto-update.

At the bottom of that page are 2 buttons/links/boxes [ No thanks, it's not for me ] [ Yes, take me to the sandbox! ]. Clicking yes will enable sandbox for the account and take the user to the sandbox.

Also, the "Add-on not found" message when you don't have the sandbox enabled is very misleading. Anytime someone gets to that page, they got a direct link from somewhere. They should be told that the add-on is in the sandbox, and to learn more about the sandbox, [go to the page described above]. (The page may need to change depending on whether the user is logged in. If they aren't logged in, the button should say Create an account and the sandbox should automatically be enabled when they create the account from that page.)

For bonus points, we could show the add-on display page but instead of an install button, have a link to the page above on how to enable sandbox and download the add-on.

So, I made this bug for productive discussion and it can serve as a tracking bug if we decide to implement the above ideas. Comments?
Comment 1 Mike Shaver (:shaver -- probably not reading bugmail closely) 2007-03-18 16:07:35 PDT
I don't want "sex appeal" to _encourage_ people to join the sandbox, or to use it to find things that they want to _use_ but aren't yet tested, but I could see text along the lines of "help test and improve add-ons! learn about the sandbox and how to review".

Having a FAQ entry about the sandbox would help too, though I suspect we'll see a fair amount of word-of-mouth about it as we roll out.  Before we point more people at it I agree that we should have more text that gives detail about the risks and intent, possibly moving sandbox .  (People should be using the sandbox because they want to test and help improve things to the point of public readiness by reviewing and giving feedback, IMO, not as a way for finding random software to use "for real".)  That it's obscure right now is not surprising to me at all, but I really do think that it's the interests of our users to gradually make it more visible as we learn more about how people perceive and use it, rather than push it more into the foreground now before we've even launched the site.

(The sandbox does dual duty as "totally untested bear traps of software" and "possibly safe/effective but niche/unpolished/etc.", so figuring out how to balance that -- or maybe split it further in the future? oy. -- will be important as we gather more data on it.)

The "Add-on not found" thing I agree about; having something like "Enwibblifier has no public versions.  You may be able to find it in the <a href="/user/sandbox">sandbox</a>, at your own risk" would be better; want to file that as a separate bug, possibly a dep of this?
Comment 2 Shawn Wilsher :sdwilsh 2007-03-18 17:40:13 PDT
I was under the impression that the sandbox was also to be used for niche extensions - ones that wouldn't have a general user appeal, but for a small community (maybe a specific site).  If that's incorrect, I feel that what has been said about the sandbox is either a) misleading, or b) incorrect according to shaver's post.

I can see a lot of extensions not getting out of the sandbox (unless we get more reviewers, but then we have to ask are they fully testing the extensions that they are approving), and with it being so undiscoverable (when I have a hard time figuring it out, I surely don't expect 90% of my friends to, even though they might want to do this), people won't be able to get their extension out.  fligtar made a very good point about it saying "addon not found" when you go to a link of an addon that is in the sandbox.  That is essentially the kiss of death for any extension if that's the first thing a user sees.  They'll think "oh, this link must be bad - I guess I don't really need to see what this extension is about anyway".  But, I see people are already talking about fixing that, so that makes me much happier!
Comment 3 Christian Höltje 2007-03-23 07:06:54 PDT
First off, I want to say that I really appreciate the hard work that the
AMO team does. I realize that the AMO team is going to and is taking
flack for the new rollout.  Please understand that this is because
everyone cares so much about AMO and Mozilla.  If we didn't love you,
we wouldn't kvetch.

Here is my perspective, as an extension developer:

I was punished for no reason.  I spent 3 months working on an
extension.  Now I get put in a hidden part of the site and my
extension is shown as "not available" via direct links.

I needed that 3 months of feedback.  Without it, my extension would
probably suck horribly.  Now it's really cool, reliable and works
great because of the feedback I got.  In the future, I don't see
myself getting feedback in the sandbox.

This has changed the feeling of AMO from being an open community to
being a Mozilla marketing tool. 

If the sandbox isn't visible, useful and easy to use, then nobody will
download anything from it.  If nobody downloads from the sandbox, then
extensions will be developed and shared from sites other than AMO.  If
they are developed and shared from sites other than AMO, then why
bother ever moving it to AMO?

This is also contrary to forming and keeping an open community around
AMO.  This is closer to what would be expected from a company trying
to create a new community to sell their product.  AMO became so
popular because it was a community first, marketing for Mozilla

I understand that the Sandbox is, in part, to try to protect users
from downloading crappy quality extensions and then blaming Mozilla.
But it's going to happen anyway.  The best you can do is advise them.
Hiding, removing, obscuring unsafe extensions will just cause *all*
extensions to move someplace else.

Here are my suggestions:

The sandbox should be visible for ALL users, logged in or not.

Change the sandbox to a "Beta Quality" sticker and put sandbox'ed
extensions back in the main pages.  It should be visible via a
direct URL, just like before.  It should only be searchable if the
user checks a 'show beta' checkbox.  A separate directory tree
should be kept for the sandbox'ed extensions, since they are not
certain to have correct catagories on them.

Old extensions that were previously public should be fast-tracked
into non-beta.  They have a track record and that should be

A meter should be added to all extensions showing when the developer
last updated, logged in, or responded to a discussion thread.  This
would be used as a sign of how much effort the developer is putting
into the extension and if the developer still exists.  This combined
with the discussions, ratings, etc. should give a user a good sense
of if an extension is current or not.


Comment 4 max1million 2007-03-23 15:48:30 PDT
Sandboxed extensions not likely to go public.

Now instead of having perfectly good or new extensions (even already released) at the end of the most popular list cause of fewer downloads and fewer updates to cause automatic downloads, they are hidden away in an if you find this section don’t bother cause they haven’t been tested or just aren’t any good section.

If you rely on "several" (how many?) users to be able to even find them, not to mention take time to, test, rate and nominate for public, before actually reviewing and adding to regular public section, you might as well forget them.

That will only reinforce the existing and most popular extensions, not serve to promote others. I thought promote other less popular extensions was one of the goals. 
Comment 5 Michael Morgan [:morgamic] 2007-03-25 22:57:29 PDT
Do we all agree that we should fix bug 374654 and provide a better message for sandbox add-ons?
Comment 6 Fred Wenzel [:wenzel] 2007-03-25 23:15:42 PDT
Absolutely. While the wording is arguable (we might not want to encourage the average user to download a potentially dangerous extension), "not found" is misleading and we should at least give a hint for the interested user and possible tester.
Comment 7 max1million 2007-03-26 02:25:37 PDT
I know it took me many days before finding some obscure blog or forum entry to find out that the extensions were still available but still had to jump through many unnecessary hoops to get to them. I would never have found access on my own as is, and believe I should have.

I feel a prominent link on every page (possibly a short description) leading to an  entry page with full description/warning should be enough, without requiring to first create an account,log in, poke every obscure link to find an obscure checkbox and still have to then select yet another obscure Sandbox link. Also have "Show all including Sanboxed" preference (cookie)on that page, so they can all be viewed, browsed, and seached at same time, but still have sandboxed items clearly distinguishable. If you still worry about displaying them rediect through the warning on every access or have another pref for "Don't show this message again", but still have sandboxed items clearly distinguishable.

1--"Show all including Sandboxed" 
2--entry page with full Sandbox description/warning and "Show all including Sandboxed" preference
3--viewed, browse, and search all at same time, sandboxed items clearly distinguishable
4--redirect through the warning with "Don't show this message again"
5--view the item, sandboxed items clearly distinguishable
6--prominent link on every page to switch back to normal on 1 click "Show only tested".

While may be a pain to change the code, it would make much more usable for those willing to try/use the extension even if they still don't give review. At least we would be able to see the hoops to jump through them.
Comment 8 max1million 2007-03-26 02:40:31 PDT
Even if at step 2 you require create account and login, though I don't see why it's needed, at least we see there is more.  They just don't exist now, or don't appear to.
Comment 9 Mike Shaver (:shaver -- probably not reading bugmail closely) 2007-05-23 05:23:09 PDT
We did the prompt-to-log-in thing here, I'm going to say that it's fixed.  (Mainly, I just hate the crappy and antagonistic summary on the bug, and also fligtar's face.)
Comment 10 Christian Höltje 2007-05-23 06:10:31 PDT

I suspect that you meant to be funny.  Can you clarify so that it doesn't look like you went rabid?

Comment 11 Mike Shaver (:shaver -- probably not reading bugmail closely) 2007-05-23 06:12:54 PDT
Sorry, in joke about the face-hating.  As you were!
Comment 12 Fred Wenzel [:wenzel] 2007-05-23 07:01:51 PDT
Yeah, that was really necessary -- as fligtar tends to take everything way too seriously and would've cried for a week straight otherwise.



Note You need to log in before you can comment on or make changes to this bug.