972362 - Improve click-to-play UX (shouldn't require more than one click or do not block page reload on door hanger click)

Status: RESOLVED WONTFIX

(Core Graveyard :: Plug-ins, enhancement)

Description

[Jonas H.]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20131205075310

Steps to reproduce:

Set flash plugin to "click to play". Click "activate" button on page.


Actual results:

Another confirmation window (doorhanger thing) appears, asking you to confirm that you want to activate the plugin. This also provides the option to remember your decision for that particular plugin/site combination.



Expected results:

The flash object should have been activated without further user interaction. Another way should be used for the "remember decision" feature -- one that doesn't require a second user interaction if you only want to allow temporarily (default case).

Comment 1

[Cosmin Muntean [:cmuntean], Ecosystem QA]

Hi Jonas,

On latest Firefox release (43.0.4) plugin Adobe Flash have three options: Ask to Activate, Always Activate and Never Activate. All options works properly. A lot of things changed from Firefox 25.0 and also the flash plugin received several updates. Your issue could have been fixed along the way.

Firefox: 43.0.4, Build ID: 20160105164030, User Agent: Mozilla/5.0(Macintosh; Intel Mac OS X 10.11; rv:43.0) Gecko/20100101 Firefox/ 43.0

Can you please test this on the latest Firefox release (43.0.4) or latest Nightly (46.0a1, https://nightly.mozilla.org/) and tell me if this still reproduces for you ? When doing this please use a new fresh Firefox profile, maybe also in safe mode (https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems). 


Thanks,
Cosmin.

Comment 2

[Jonas H.]

This still applies  to Firefox 43. Note that this report is not about an actual _bug_ but rather poorly designed UI.

Comment 3

[Tony Mechelynck [:tonymec]]

Setting RFE according to comment #2
Moving to "Core / Plugins" where most of the clock-to-play machinery is located.

Note that there is a subtle balance to be found here: with too many clicks, users will become bored and disable click-to-play, using "Always Activate" of "Never Activate" but never "Ask to Activate" on every plugin.

With too few at a time (but happening too often, e.g. for too many different plugins) some users may become inured to the are-you-sure question like they used to be for M$XT security warnings, and click without reading.

Comment 4

[Chris Peterson [:cpeterson]]

I think this design issue can be addressed if we make the click-to-play door hanger non-blocking. Once the user clicks the "Activate Adobe Flash" button, the page will reload, but only *after* the user clicks the door hanger's "Allow Now" or "Allow and Remember buttons". There is no need to block the page reload on the door hanger. The password manager's "Save Password" door hanger is an example of a non-blocking door hanger.

Comment 5

[Trevor Rowbotham [:rowbot]]

If I am reading this correctly, I believe that Jonas is asking that the Click-to-Play system be reverted back to how it functioned originally in Firefox 23 in that plugins could be activated independently of each other and without requiring interaction with a doorhanger.

Jonas, I believe the behavior that you are looking for can be achieved by using the Click to Play per-element add-on, which you can find here: https://addons.mozilla.org/en-US/firefox/addon/click-to-play-per-element/.

Comment 6

[Benjamin Smedberg]

As filed, we aren't going to fix this. The current design is optimized for two cases:

* Flash is insecurely out of date - the primary action we want is to get users to update Flash. They can choose "allow" as a temporary workaround to unblock them. We want to be safe from clickjacking attacks.
* Any other plugin is used by the page - the primary action is "allow and remember" for a particular site, which should happen once. The user is protected from clickjacking.

I don't know what "modal" means in cpeterson's context, but the point is that we do explicitly want to require two clicks to protect against clickjacking, since this is primarily a security and user-choice measure.

Comment 7

[Jonas H.]

This has nothing to do with out of date Flash.

Tony and Chris understand what my issue with the current situation is and how it should be fixed, and I'm happy to answer any questions you have.

My suggestion is to have click-to-activate (or right-click-to-activate), and offer "always activate" in the context menu of the plugin. No doorhangers or modals involved.

Comment 8

[Benjamin Smedberg]

I understand what you want, and I'm saying that we are not going to provide that, because it's not the right tradeoff for the situations where this is important.

Comment 9

[Jonas H.]

I respect that decision.

Although, FWIW, I think it's a terrible choice. It makes me disable the click-to-activate security feature because it's so annoying that I have to deal with this "are you sure?" kind of window every time Flash is used somewhere. I can't speak for anybody else, but for me "Allow and remember" definitely *isn't* the default action for the following reasons:

* It accumulates to a list of sites I've visited, i.e. a second browsing history, which is a privacy issue.
* All other Flash objects, possibly annoying or dangerous ones, will automatically play in the future.

The way Google Chrome implements this is a lot less annoying. The default action is "run once". If I want to whitelist a whole page, I'll have to go somewhere to the settings, which is fine for more because this happens so rarely. My current Google Chrome plugin whitelist contains less than a dozen pages.