Closed Bug 772072 Opened 12 years ago Closed 12 years ago

Add warning to Filelink about URL guessing

Categories

(Thunderbird :: FileLink, defect)

Product:
Thunderbird
Component:
FileLink
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 16.0

People

(Reporter: mconley, Assigned: mconley)

Details

Attachments

(2 files, 4 obsolete files)

Screenshot of applied patch
84.82 KB, image/png
bwinton
: ui-review+
Details
Patch v4
12.54 KB, patch
bwinton
: review+
bwinton
: ui-review+
Details | Diff | Splinter Review 
From the Filelink privacy review:

"We point the user at the privacy and terms of service of the providers. We also are requiring the providers not to expire files, so that the e-mail recipients don't end up with stale links.

Risk: A "surprise" may manifest itself is when a user mis-forwards the message to the wrong party and the file can be downloaded by an unintended recipient. This can happen with the current set-up if a user forwards an attachment to the wrong party, and is a risk inherent in email.

An added risk of this system is that the file is publicly available and not limited in accessibility to those who can access the message itself. This is like 'security by obscurity', which is not ideal, but acceptable in this case since users know the file will be uploaded to a sharing service.

Recommendation: Make it clear to users that uploaded files will be world-readable (to members of the world who know where to find it). "
Blake:

What do you think about removing the little ad at the bottom of the set of Filelinks, and including something like this warning instead?

-Mike
Assignee: nobody → mconley
Status: NEW → ASSIGNED
Attachment #640226 - Flags: ui-review?(bwinton)
Comment on attachment 640226 [details]
Proposed warnings in HTML and plaintext mail

I kind of like the ad, and I think that this warning is being displayed to the wrong people.  My understanding is that we're trying to warn the authors of the email, not the recipients…  So, I'm going to say ui-r-.

Thanks,
Blake.
Attachment #640226 - Flags: ui-review?(bwinton) → ui-review-
Attached patch Patch v1 (obsolete) — Splinter Review 
Adds a one-time-per-composer notification one the first batch of uploads are finished, warning the user about the visibility of their files.
Attachment #640226 - Attachment is obsolete: true
Closer? How's the language?
Attachment #640249 - Flags: ui-review?(bwinton)
Comment on attachment 640249 [details]
Screenshot of applied patch

Seems good.  I would say "may be accessible _to_ people"…  Or maybe "will be accessible to people"…

But other than that, ui-r-me.
Attachment #640249 - Flags: ui-review?(bwinton) → ui-review+
Tada!
Attachment #640247 - Attachment is obsolete: true
Attachment #640256 - Flags: review?(bwinton)
Comment on attachment 640256 [details] [diff] [review]
Patch that gives off warning notification - includes test

r- due to the following:

Open a compose window.
Attach a file.
Link it.
Wait for the new notification to show up.
Close the compose window.
Open a new compose window.
Marvel at the notification that appears when there are no attachments!  ;)

(In a similar vein, I don't get notified for the second compose window if I collapse the notification on the first one.)

Tests for those would also be nice…

Thanks,
Blake.
Attachment #640256 - Flags: review?(bwinton) → review-
Attached patch Patch v3 (obsolete) — Splinter Review 
Great catches! Fixed, and added tests for those cases.
Attachment #640256 - Attachment is obsolete: true
Attachment #640587 - Flags: review?(bwinton)
Comment on attachment 640587 [details] [diff] [review]
Patch v3

Open a compose window.
Attach a file.
Convert it to an UbuntuOne link.
Look at the pretty error message.
Close the window, without saving the draft.
Open a compose window.
Attach a file.
Convert it to an UbuntuOne link.
Wonder where the pretty error message is this time…  :(
Open a compose window.
Attach a file.
Convert it to an UbuntuOne link.
Hey, there it is!  :(

Apparently I missed my calling as a tester…  ;)

Later,
Blake.
Attachment #640587 - Flags: review?(bwinton) → review-
(In reply to Blake Winton (:bwinton - Thunderbird UX) [On vacation until July 6th!] from comment #9)
> Comment on attachment 640587 [details] [diff] [review]
> Patch v3
> 
> Open a compose window.
> Attach a file.
> Convert it to an UbuntuOne link.
> Look at the pretty error message.
> Close the window, without saving the draft.
> Open a compose window.
> Attach a file.
> Convert it to an UbuntuOne link.
> Wonder where the pretty error message is this time…  :(
> Open a compose window.
> Attach a file.
> Convert it to an UbuntuOne link.
> Hey, there it is!  :(
> 
> Apparently I missed my calling as a tester…  ;)
> 
> Later,
> Blake.

Ah, figured it out. Dumb error. I'll have the fix and more test cases up soon.
Attached patch Patch v4Splinter Review 
Hey Blake - mind taking this one for a spin and seeing if you can shake anything else loose?

-Mike
Attachment #640587 - Attachment is obsolete: true
Attachment #641467 - Flags: review?(bwinton)
Comment on attachment 641467 [details] [diff] [review]
Patch v4

>+++ b/mail/locales/en-US/chrome/messenger/messengercompose/composeMsgs.properties
>@@ -361,16 +361,17 @@ bigFileHideNotification.check=Never noti
>+cloudFilePrivacyNotification=Linking is complete. Please note that linked attachments may be accessible to people who can see or guess the links.

"may be" or "will be"?

Aside from that, I like it.  r=me!  (And ui-r=me, for completeness. ;)

Thanks,
Blake.
Attachment #641467 - Flags: ui-review+
Attachment #641467 - Flags: review?(bwinton)
Attachment #641467 - Flags: review+
comm-central: https://hg.mozilla.org/comm-central/rev/736f08622ee9
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 16.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: