Firefox Settings: Permissions Management incoming
Mozilla plans to add a permissions section to the Firefox settings that allows users to manage certain permissions globally from the location.
If you have used Firefox for more than a year or so, you may remember that the browser shipped with a permissions management system before.
All you had to do was load about:permissions in the browser's address bar to open the management page, and manage permissions for all sites and services in that central location.
It was a handy thing to have, considering that it allowed you to check and change permissions for multiple sites quickly using it. Mozilla dropped the whole thing back when Firefox 45 was released, and Firefox users had to live without it up until now. I'm still puzzled as to why it was removed, as it was quite the handy feature to have.
While it is still possible to manage permissions of the active site, it is obviously more time consuming if you need to manage permissions for a number of sites, as you'd have to open them all one after the other to do so. Mozilla did improve the visibility of custom page permissions in Firefox 50, but that did nothing to the underlying management issue.
Firefox Permissions Management
With the update of the Settings page (about:preferences) that is still ongoing but already part of Firefox Nightly, comes a new initiative to re-introduce permissions management to Firefox.
Mozilla plans to integrate the new management options in the Firefox Settings this time.
Note: The screenshots are mockups, and development is ongoing. This means that there is a chance that things may change along the way.
Permissions will be added to the privacy & security part of the new Preferences page of the Firefox browser.
The first mockup screenshot that you see above lists the four permissions location, camera, microphone and notifications. Each has a settings button next to it which you may activate to manage all custom permissions of that particular type.
The click on settings opens the list of sites for which that permission has been set (either allowed or disallowed).
It features a search to filter sites quickly, and lists sites with their URLs in the listing. To change a permission, simply click on the status and switch it to allowed or blocked, or use the "forget" options instead to remove the custom permission for that site completely.
Comparison to about:permissions
So how does the new permissions manager compare to the old? The first thing that you may notice when you compare the two is that it takes more clicks in the new to manage permissions for individual sites.
If you wanted to remove all permissions of a site, you'd not only have to click on all four settings buttons, you'd also realize that you have to do so even if it turns out that a particular permission has not been granted.
The new permissions manager, at least in the current state of development, lists fewer management options on top of that. While you may manage locations, camera, microphone, notifications, pop-up windows, and add-on installations, it does not list options to maintain offline storage, cookies, or several other permissions yet.
Firefox users may find some of those elsewhere, cookies and password permissions are managed under Privacy & Security as well for instance. Still, this means even more browsing and clicking to manage all permission.
The moving of the permissions system to the preferences is a welcome change however, as it gives the manager a dedicated home in Firefox. You may remember that about:permissions was never integrated into Firefox through links in the UI, and that users had to know about the resource to make use of it.
Closing Words
The return of global permissions management in Firefox is a welcome, overdue, change. I wish Mozilla would reconsider using a site-focused approach, and not one that focuses on particular permissions for managing these permissions though. (via Sören)
Now You: How would you like Firefox's new permissions manager to look like?
Referring to the statement,
“…even if enabled, no website (!) is able to use your camera, microphone or to use the Geolocation API without your agreement…,â€
I only partially agree with that.
The truth is, those particular restrictions you’re referring are not going to stop a dedicated hacker with the right resources, unless of course you already have other forms of system-hardening and exploit-mitigation in place, but even then, as a general rule of thumb, user’s still need to be on guard when they go online, especially in today’s cyber-threat landscape.
When it comes to settings in general, it’s always best to air on the side of caution, and if a user doesn’t know what they’re doing, they shouldn’t mess with the setting.
In either case, before attempting to change any configurations related to accessing one’s device camera, mic, etc…, users really need to learn, understand and properly practice a layered system security approach, especially if you’re using Windows and are one of the many millions of customers who’ve decided to stick with Win 7, despite Microsoft’s aggressive push to get everyone onto Win10.
Some say Win10 is more secure, but, really, the proof is in the pudding. Many investigations into the background processes taking place on a Win10 system, as well as the kernel modifications Microsoft made with the upgrade, already have had many security industry experts scratching their head since it’s inception.
And if that isn’t enough of a deterrent for most end users, then consider actually reading the new Privacy Policy, EULA and ToS agreements Microsoft now baked into it’s Win10 piece of advertising rubbish. The language itself is carefully worded to protect Microsoft’s, and it’s affiliate partner’s full-on exploitation of a citizen’s Personally Identifiable Information, and even goes so far as to grant Microsoft part owner-ship rights to your identity and personal information, should you choose to accept the agreement and proceed down that onerous, yellow brick road.
If you’re still using Windows 7, the fact remains, there are still plenty of ways to keep a Win 7 system highly secure. Additionally, with Win7 you also have far greater control over the entire system itself——unlike with Win 10, where Microsoft permanently baked in specially locked registry keys, so you can’t turn off all of their telemetry nor other similar processes, even if you wanted to. Sure you can use third-party software that may reduce some of the telemetry, but really it’s just doing what Win10 will already allow you to do, if you know where to look to find that particular setting or configuration.
It also seems that Mozilla intends to continue to support Windows 7, at least for the foreseeable future, so unless you require the use of Win10 due to a restricted work environment, Windows 7 is still the best option in terms of [ True ] overall system security.
A final word of advice for any user intent upon changing configurations that might open you up to exploitation, if you don’t know what you’re doing——Don’t mess with it period!
Instead, ask for professional help and consider also taking a course in computer system administration and cyber security. There are many institutions and companies these days that offer online learning for a nominal fee or even free in some instances.
There’s no substitute for the right knowledge. Having it can empower you to make better online and computer operating decisions, especially when it comes to cyber-security.
Agree. Staying with Chrome until Mozilla stop targeting the “for dummies” users segment..
One thing I like about Chrome over Firefox (a more useful and informative site info popup that shows alsmot all information in a single damn window: https://imgur.com/a/n8g5w
Will it have a setting where we can deny permission for removing the ability to use legacy add-ons. :-)
i prefer about:data from seamonkey, it’s neat
I’m not a fan of the new restructuring of the preferences in Firefox Nightly, IMO I think they were better organized previously.
It doesn’t seem worth bothering with anymore somehow. So much will change come FF57 with what looks like 65% or more of popular extensions ceasing to work because they won’t be ported to WE.
I doubt if a reintroduced permissions option will cause the thousands of users like myself who’ll jump ship once the “Fire” goes out in the Fox to return in large numbers.
+1
The downside of permission management is that, if you allow your browser to store any such state, web sites will find ways to “probe” for what you stored and thereby track you across browser sessions. To avoid tracking, you have to clear all state including permissions, unfortunately.
The number of bits that are used for those ON/OFF settings is very low, so a good identification of the browser based on them is almost impossible, even if the sites are starting to probe them.
Okay-ish. I’d like to be able to globally disable things like webcam, microphone, location, notifications, etc.It’s a step in the right direction, definitely, but contantly being harassed by popups like: this site wants to access your location, this site wants to access your webcam, this site wants to send you notifications, etc, is not fun.
Chromium allows you to disable all these, and I always wondered why Firefox can’t. I mitigated some of them, like location though config and webcam via device manager, but for microphone there’s not much that I can do on a laptop besides disabling the entire sound card, and for the rest..? There doesn’t seem to be a perfect solution, like an “off” button/config.
You can disable almost everything in Firefox via about:config. It’s a terrible idea to expose user visible settings to disable web standards because most people don’t know what they do. But if you think you have to disable one or more web standards you can do that in Firefox. Additional, even if enabled, no website (!) is able to use your camera, microphone or to use the Geolocation API without your agreement. But I don’t see a big problem. I am a power user and visit hundreds of websites every day. I almost never see a permission prompt because most websites don’t need these kind of features.
Oh, ok. RTC is already disabled. I don’t have any plugins, ditched Flash a long time ago when VK decided to switch to HTML5.
Oh, and you should disable or uninstall the Flash Player because Flash applications don’t need WebRTC for camera or microphone access. ;)
Camera and microphone are WebRTC, so you have to disable WebRTC. I am not at home so I can’t look which preference you have to change, but I know there is a preference for WebRTC. ;)
How do I disable webcam and microphone via about:config? On a search for “cam” and “mic” there doesn;t seem to be a flag which could contol either of them.
For cam I get
camera.control.face_detection.enabled;false
Which doesn’t seem like it would disable the webcam access completely.
For mic there’s nothing.
I already had notifications disabled apparently:
dom.webnotifications.enabled;false
Must have done it in the past and forgot.
I love Firefox for a bunch of reasons, but permission management has never been one of them. I use default deny for just about everything, so I’m a heavy permission user, and I rely on add-ons to get UX that is fluid enough.
Whether it is NoScript, uBlock Origin, Cookie Controller or whatever. I like the built-in per-site UI of Firefox though (the “i” icon in the address bar). But yeah I think stock browsers have room to improve UX regarding site permission management.
> I’m still puzzled as to why it was removed, as it was quite the handy feature to have.
It was a never finished feature, it was hidden (so almost no user missed this feature) and the most important thing: “occasionally people forget to update it” (#933917). And there was and is a lot of permission related work so the implementation probably has to be up to date. So it made sense to remove it. Also you can read about the UX problems of about:permissions on the removal ticket. But it’s great that there will be finally a new permissions UI. The mockups are much better than the old about:permissions in my opinion. In about:permissions it was very difficult to scan for non-default settings. I am looking forward to see this Outreachy project completed.