Restore per-each-element click-to-play

Tetsuharu OHZEKI saneyuki.s.snyk at gmail.com
Wed Jun 26 15:28:33 UTC 2013


> In case I wasn't clear, I meant that the click-to-activate UI is the UI for
> new plugins.

Yes. I thought it. So I said that the previous UI can cover the
purpose for new plugins.

> Most user don't have any way to distinguish "malware" plugins from wanted
> plugins on a page, and it's folly to try and protect against that kind of
> thing.

This may be barren controversy. The attacker ordinarily hides their
injected mal-code because if user know he is attacked, it doesn't
continues attacker's benefit. I think the solution provided by
click-to-play decrease the risk as possible.


> The exact functioning is as follows:
>
> * for "Allow Now" the plugin is permitted to run for one hour. This
> permission is renewed each time the site uses the plugin. So if a user keeps
> using a site, plugins will continue to work on that site. "now" permissions
> will be forgotten when the browser exits.
>
> * for "Allow and remember" the plugin is permitted to run for 90 days. The
> permission is renewed as above. This intended to gracefully "forget"
> permissions that a user doesn't care about, while ensuring that if a user
> visits a site regularly and that site continues to use the plugin in
> question, the user will never see another prompt. If a site stops using a
> plugin (such as a bank stopping using Java, or a gaming site switching to
> HTML5 gaming) eventually the permission will expire and the user will regain
> some protections against malicious use.

The time based permitting will confuses the user. At the expire times,
user will be thrown into confusion if there is no any explain on when
user selected a permittion.


I agree that the current UI is good for providing click-to-play by
default for all users.
But I'm talking about how should we provide the click-to-play. At now,
the feature of per-each-element model is disappeared from Firefox.
This is a regression.

I thought that nightly channl is the phase for testing, blushing up,
and collecting feedback from users. But bugs were closed immediately,
but there are some comments. So what are we doing?  We should
discussed for polishment Firefox for next 6 weeks, next 6weeks, next 6
weeks.

So I re-propose that we introduce a new pref which actualize
per-each-element click-to-play. It can avoid the regression. And we
able to maintain the current behavior which is for all users.
And I also propose that we need to reconsider the old UI taste. The
old visual UI can provides a new behavior, and it's able to support
per-each-element model.
In this point, it's important that we keep the consistent of user
interfaces. This is very important.

--
Tetsuharu OHZEKI
saneyuki.s.snyk at gmail.com



More information about the firefox-dev mailing list