Closed Bug 832660 Opened 12 years ago Closed 7 years ago

"maintain offline storage" permission(s) confusing and incomplete

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Version:
18 Branch
Platform:
x86_64
Windows 8
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: schildkroetewd, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: privacy, sec-want)

Attachments

(4 files)

Screenshot.png
1.09 MB, image/png
Details
Suggested Firefox Privacy Settings (a).png
46.82 KB, image/png
Details
Suggested Firefox Privacy Settings (b1).png
34.26 KB, image/png
Details
Suggested Firefox Privacy Settings (b2).png
40.16 KB, image/png
Details
Attached image Screenshot.png
User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 Build ID: 20130116073211 Steps to reproduce: I am using version 18.0.1 of Firefox on Windows 8. When I visit the page http://robnyman.github.com/html5demos/indexeddb/ with a fresh profile, the site is storing a picture in a indexedDB store and loading it from there to display on the page. I tried also the nightly releas (2013-01-19) for this behavior and there seems to be no difference. Actual results: The page stated above is loaded correctly and there is no dialog asking to enable offline storage. Expected results: According to default settings (Options > Advanced > Network > "Tell me when a website asks to store data for offline use" is enabled by default) I should have been asked to enable offline storage for this site.
Our UI and permissions are exceptionally unclear about the different types of data that can be stored locally, and the wording of this option (in the 3 different places it appears) doesn't help. localStorage is treated like Cookies: - if cookies are blocked then so is localStorage - if you forget all cookies for a site then localStorage is cleared - if your cookie settings are such that cookies last for the session only then localStorage is only held in memory and also go away when you shut down the browser - otherwise there's no visibility into how much or what is stored There's an "Appcache" feature to store web pages and sub-resources (scripts, images, style-sheets, etc) for offline use. THIS is what the visible preference controls (the sub-resources are what it's calling "data"). IndexedDB - Like cookies and localStorage, if the feature isn't disabled sites get to use it. A need to ask first was deemed a bad experience and likely to make it too unreliable a feature for sites to use. - If a site uses "too much" data (the "warningQuota" defaults to 50Mb) then the user gets asked - unlike localStorage the "session only" cookie setting is irrelevant - Like localStorage the feature was implemented before any UI was designed. There is no visibility into which sites are using it, how much data is stored, nor any way I know of getting rid of it (maybe the "forget this site" feature that blows everything away, but maybe not) There are probably existing bugs describing this confusing state.
Group: core-security
Status: UNCONFIRMED → NEW
Component: Untriaged → Preferences
Ever confirmed: true
Keywords: privacy, sec-want
Summary: "maintain offline storage" permission doesn't work → "maintain offline storage" permission(s) confusing and incomplete
FWIW I don't expect actual design work to happen in this bug since it starts out specific to only one storage type. What we really need is a comprehensive UX design of how users find out about and control locally-stored data. When we treat each type as a separate silo it's hard for users to make sense of it all. Average user: uses defaults, doesn't need to know anything (the defaults we choose are crucial) Concerned user: wants to know which sites are storing stuff, but mostly just wants to know how much data and have the ability to delete it and prevent it. Expert: if you need to know and/or edit the values of individual cookies you probably also need to know the values of individual localStorage entries or the ability to examine your IndexedDB data -- right now we only expose cookies to this level. This could be relegated to the developer tools section.
Isn't this kinda-sorta about:permissions^? That seems to have an extensible model for this kind of thing. ^shipping, but incomplete / not accessible from the UI anywhere AFAICT
See Also: → 781984
I suggest to update the Privacy Settings panel in Firefox. Either by (a) Adding an additional group of settings for each storage, like depicted in attached image "Suggested Firefox Privacy Settings (a)" ...
... Or by adding a tab strip and adding the same group of settings for each of the local storage devices, like depicted in attachment "Suggested Firefox Privacy Settings (b1).png" ...
... and "Suggested Firefox Privacy Settings (b2).png"
Comment 0 no longer appears to be a problem. The more recent comments are tracked by bug 1102808.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: