This is Firefox's upcoming Permissions System
Back in mid-2016 we gave you a glimpse of the new permissions system that Mozilla was working on at the time for its Firefox web browser.
Mozilla worked on it a bit more in the meantime, and plans to launch an updated version of it soon that improves the user interaction with permissions in several ways.
While there has always been permissions in web browsers, think of allowing or disallowing cookies or JavaScript for instance, recent advanced in web technologies brought along with them new ways for sites and services to interact with the browser.
Non-default permissions, those that require access to a system's web cam, microphone or other sensors for instance, require elevation in Firefox. This means that Firefox will prompt the user when a site requests access to these features, and it is up to the user to grant or deny the request.
Firefox Permissions
The old system that Firefox uses right now in the stable version of the browser has its usability flaws. It is for instance easy enough to dismiss prompts by clicking elsewhere, and users appear to have troubles bringing the prompt back up when that happens.
It is also difficult to manage individual permissions for sites according to surveys and tests that Mozilla conducted in the past to analyze the current system.
The new permissions system, which is activate in Nightly versions of Firefox already, improves user interactions with site permissions significantly.
We talked about the new sticky permissions prompt already that is displayed when a site requests a permission. Options are clearer in the prompt, and it is not possible anymore to accidentally dismiss it without making a selection.
The icon the prompt uses indicates the permission request. A new feature that makes things even easier is that Firefox highlights permissions that you declined in the address bar next to the "information" icon.
The icon indicates if special permissions have been granted, and opens the permissions dialog. Blocked permission requests are highlighted in the address bar to indicate that to the user, and give users a chance to activate them quickly if the need arises.
Furthermore, disallowed permission requests are now displayed as strikethrough icons in the Awesome Bar to hint at the potential cause of site breakage. For example a video conferencing site will probably not be functioning very well if you reject its camera permission request.
A click on the icon, or the information icon, opens the new permissions dialog of Firefox.
This dialog shows permissions directly, allowing you to remove them with a click, or allow or block permissions directly from there without having to go anywhere else in Firefox for that.
If you see a small dot in the top right corner of the i-icon, it means that the site has been granted elevated privileges.
You can still open Page Info from that dialog though to open the full permissions listing for the site, and make changes to it.
WebRTC
Audio, video and screen sharing permissions are improved as well. Screen sharing for one does not require sites to be added to a whitelist anymore. All sites may use WebRTC screen sharing in Firefox when the change lands.
Firefox users have to select the window they want to share from a list -- the default is no window -- and a preview of that window is displayed for verification purposes.
Firefox will ask the user if the entire screen or other important screens are to be shared.
Mozilla introduced a permissions manager back in 2011 in Firefox that gave you control over site permissions, but removed it later on.
Additional information on the permission system changes are available here.
Now You: What's your opinion on the new permissions system?
WebRTC leaks your real IP address if you’re behind a VPN according to privacytools.io: https://www.privacytools.io/#webrtc
Here’s a handy site to show what else your browser reveals about you: https://whoer.net/#extended
Allow xyz to “see your screen” – way to go Mozilla. My mother would have a panic attack if a popup like this appeared. What a nice way to introduce a new “feature” to people who aren’t very tech savvy. Hell, I don’t even know what “see your screen” is supposed to mean.
It’s a web standard candidate. Other browsers implement that too. It’s clearly one of the permissions to be granted with care. Now try to figure out why they chose to feature one of those when introducing the revamped permission system, instead of “Do you want this website to load images ?”.
It used to be a web browser was just that, browse webpages, read stuff, go on about life.
Now we have an advertising company building software on top of what used to be open web platform, and every version they release they increase the amount of information they have bit by bit.
Screen sharing or window sharing software ought to be something you do with an application outside of the browser. That’s a huge security hole they are introducing just by having the ability designed into the app. What’s worse is the authors think building this stuff into the software instead of just as a module is a great idea, which makes anything that was a bad idea that was kept in turn into a worse idea. Forget about asking people if they want to install official, version-ed packages from a standard repository.
This is what happens when you don’t smack software developers in the face with reality from time to time. They develop lord humongous syndrome and treat their customers like animals. It’s disgusting.
Google needs to be broken up on antitrust grounds.
A permissions overhaul of the (too?)open web is hugely overdue for a long time. The open web beats the mobile ecosystems hands down for encryption transparency, but for everything else, mobile ecosystems make the web look atrocious because those few people setting the standards and holding the power don’t want to disrupt the browsing experience. Hence they just don’t even think about scenarios like blocking a website before it loads in order present users with a choice of which permissions they allow.
I actually think it’s the opposite. Apps are awful because they obey their own arbitrary rules. It’s very hard to protect privacy and be trustful about security when you use apps accessing the web made by random people who very often implement spy tech.
On the web, it’s website developers who do this kind of things. They can try to spy on you or be dumb with security, but they have a whole lot less power than app developers. You are protected by web standards and your browser and extension developers. Up to a point, which is usually, your ability to use certain add-ons and a little knowledge (not that much is needed any more to get decent protection, IMO). There’s no equivalent for mobile apps.
Finally, blocking an entire website just to ask some well defined permission makes no sense. You load the website entirely except for the part that requires a permission, which you don’t run until you are allowed to. That’s what permissions already do.
Mobile apps (used to) ask permissions up front, which makes no sense. Not anymore with android 7
Decent flow:
– Keep warning about which permissions will be needed, that can’t hurt
– When the user installs the app, don’t grant all those permissions until they are used by the app, similar to what Mozilla is doing with Firefox: The user allows or denies on first request with the possibility to remember the decision.
– Let the app work without this or that permission, it won’t provide this or that functionality but will not crash and other features keep working. Fail safe.
– Let people handle permissions individually and remove or add them independently from app requests
As opposed to:
– Warn user about required permissions
– When user installs, it means everything that was warned about is allowed
– Group harmless permissions along with very dubious ones within categories, and make apps request category permissions rather than specific ones
– Can’t modify permissions whatsoever, you use the app and submit to everything it requests or you GTFO.
Tell me, how is that better ?
Mozilla has taken many decisions by itsown… for the improvement of safety, navigation system, etc, disregarding the anything and anyone… Even the interface changed who complains about a lot of users, make it more unfriendly… I’m using Firefox from version 3.6… was the best browser… it was! Now they have a single purpose, as well as several versions to reach Chrome… nothing else matters!!! I signalled that many shortcomings… no response! I wonder, what for is feedback? Oh, yes… only for praise!
Are you kidding me ? All you get as software developer is complaints and also hate sometimes. People acting like everything is due to them precious little jewels stuck in a consumer mindset.
People who like a product mostly shut their trap about it.
How many more icons do we need in the address bar?
You can increase the length of the address bar if that’s too much.
Sounds good and clean to me! Will see how it goes when it lands on Release.
Now if they could add a permission for Canvas or something, well, I guess it depends what it’s used for on the web. If it’s mostly games and tracking, then a permission is good. If it’s random graphics elements all over the place, a permission does not make sense for all users to have. (Only those who know what’s up)
WebAudio too, maybe. It’s just as strong as Canvas for fingerprinting, plus there’s this whole cross-device tracking through ultrasounds that is going to spread. Not sure how practicable that would be to hide WebAudio behind a permission though, there IS such a thing as warning fatigue, and it’s counterproductive.
I suspect/hope that whatever Tor comes up with regards audio frequencies ( https://trac.torproject.org/projects/tor/ticket/13017 ) will be added via the Tor Uplift. If a Chrome extension (I forget the name) can do something similar, surely it won’t be long before this functionality comes to FF – right?
PS: There is a tor uplift ticket for prompting about canvas ( https://bugzilla.mozilla.org/show_bug.cgi?id=967895 ), as well as one for faking ( https://bugzilla.mozilla.org/show_bug.cgi?id=1041818 ). I for one would rather zero prompts as I fake all. Same would apply to WebAudio regards those frequencies – block all, never think about it again.