Closed Bug 682455 Opened 13 years ago Closed 5 years ago

Granting permission to a specific site to access geolocation five times should not grant this permission permanently

Categories

(Firefox for Android Graveyard :: General, enhancement)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
ARM
Android
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: imelven, Unassigned)

Details

(Keywords: privacy, ux-control) 

It's my understanding that in Fennec, if a particular site asks the user to access their geolocation five times and the user answers 'yes' five times, we then always allow the content to access the geolocation after that without prompting again. 

I'm not sure if it's 'five times per browsing session' (resets if browser is exited/killed) or 'five times ever' (counts across restarts etc.). The former is better, but still problematic, 

There's been some privacy/security concerns raised about this behavior. A potential mitigation suggested is to ask the user the 5th time, along the lines of a dialog saying 'grant access and continue to grant access without prompting', assuming we don't already explicitly tell the user we are doing this and asking them if it's ok. IMO, the best approach is a full 'remember this answer' style dialog (if possible given the mobile UX) and then UI around revoking this permission grant later.
Keywords: sec-review-needed
I thought desktop did it the same way?
this is what the iphone does.  it is kinda a standard way of doing things if you don't allocate extra space to a 'remember me' check box.

What specific privacy/security concerns were raised about this behavior?

Showing extra text doesn't buy us anything.  If you want to discuss this further, lets use the newgroups/mailing list.

This is not a bug.  Marking INVALID.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Keywords: privacy
Maybe I'm being OCD here but "INVALID" does sound right.  The point being raised is valid (i.e the user may not be aware that the decision is saved permanently after 5 responses).  If we don't have a viable mitigation for this that's fine, but it doesn't invalidate the underlying concern.
Resolution: INVALID → WONTFIX
Sigh: /does/doesn't/
just a note here that this isn't actually what the iPhone/iOS mobile safari does : it does remember the decision after 2 'yes' votes, but then only remembers that for 24 hours, not permanently.
yeah, that changed recently iirc.  we could do something similar, i suppose.
Severity: normal → enhancement
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
i'd be in favor of time limiting the granted permission although 24 hrs does seem kind of arbitrary and only the icon displayed lets the user know this has happened, however i'd still prefer a full 'remember this decision' (either checked by default or not, android stock is checked by default which is fine by me) experience if possible. especially since unlike android and ios, we allow users to clear granted location permissions PER-SITE where they only allow 'clear all remembered location decisions' globally, so i think we have a better experience in that regard and could take more advantage of it.
another note here that Firefox (on desktop and Fennec) prompts much more than the other desktop/mobile browsers i looked at when doing a survey of geolocation permissions across different platforms - other browsers prompt once and then do NOT prompt again if a geolocation API is called (sometimes even across reloading the page for some browsers) - in my testing, Firefox prompted on every call to a geolocation API.
Keywords: ux-control
OS: Windows 7 → Android
Hardware: x86_64 → ARM
Flags: sec-review+
Closing all opened bug in a graveyard component
Status: REOPENED → RESOLVED
Closed: 13 years ago5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.