Application Cache (manifest) notice sounds malicious




7 years ago
6 years ago


(Reporter: Michael Dayah, Unassigned)


6 Branch
Windows 7

Firefox Tracking Flags

(Not tracked)




7 years ago
User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; WWTClient2)

Steps to reproduce:

Visit a site with an applicationCache (manifest).

Actual results:

A notice appears that sounds malicious. Many visitors contact me letting me know my site has a virus and recommend others not visit it for that reason. The notification bar text in English reads, "This website () is asking to store data on your computer for offline use."

While the notice is clear to me, if one is not familiar with application caches or caching in general, this sounds like a toolbar or executable wants to download something. Arguably, the text could refer to the download of any file to the computer. That's what downloading does, make something available for offline use.

Expected results:

User testing should be done to determine what users think of this message and how its wording can be improved to reveal what clicking Yes will actually do. The current message is highly ambiguous and misleading and requires knowledge of caching to understand. It makes several mistakes. It does not explicitly explain that clicking yes will allow you to visit the site when you're offline and nothing more than that. It does not refer to what this "data" is the site is asking to store. What ISN'T data?

An alternative message would be, "Do you want to store this web site on your computer so you can revisit it when you're not connected to the Internet?"

It's an exceptionally clear, accessible message that is more precise than the previous. It explains exactly what will be saved, where it will be saved, and why you would want to save it.

Comment 1

7 years ago
Furthermore, the portion of the notice that reads "this website is asking to store" is both technically incorrect and misleading. The site is making no such request. It's merely providing a URL to a manifest.
I think we're just going to stop asking entirely.  Chris, is there a bug on file for that already?

Comment 3

7 years ago
I believe this is the one you're referring to: I don't have a strong opinion either way on that, but it sounds like it has some blockers. Until that happens, I think changing the string should be a priority.

Comment 4

6 years ago
People continue to report the Application Cache message as malicious and suspect my site is malware. Here's a forum thread where the second post suspects the message is some sort of virus:
You need to log in before you can comment on or make changes to this bug.