The new UI is much better - good work!

Gavin

On Mon, Aug 17, 2015 at 8:02 AM, Michael Verdi <[email protected]> wrote:

> Hi,
> Here’s a quick comparison of the various full screen notifications -
> https://youtu.be/K5S-WGDIvLI
> Our new interaction is much less onerous on the user - comparable to the
> flash full screen interaction. It even requires less interaction than
> Chrome does.
> Thanks,
> Michael
>
> --
> Michael Verdi • Firefox UX • blog.mozilla.org/verdi • irc: verdi
>
> On Aug 16, 2015, at 11:22 PM, Matthew Turnbull <[email protected]>
> wrote:
>
> First off, I have to say that I do like the new UI, regardless of the
> impetus for the change.
>
> However, I'm also not entirely sold that this has a strong impact on user
> security. I doubt the practicality of such an attack, since you would have
> to reasonably match:
>
> * The OS native theme.
> * The browser's chrome elements and theme.
> * Basic browser chrome functionality and behavior.
> * Have the user overlook that the browser just flipped out when visiting a
> site or clicking a link.
>
> Fortunately for the user, the first two aspects are incredibly easy to
> change. For example, when I tried the proof of concept, my browser theme
> went from light grey to dark gray and all of the toolbars - and their
> contents - changed. If a malicious site is able to accurately capture the
> state of, and reproduce, the desktop and browser chrome, I'd say that is a
> much more serious issue than triggering full screen.
>
> For me, the biggest issue with this attack is getting the user to ignore
> the browser spontaneously maximizing/full screening, which is rather
> jarring. I expect most users will only intentionally enter full screen when
> playing a game or watching a video, so having the browser do it on its own
> would hopefully be enough of a red flag. But if you can get the user to
> ignore that, then they're probably also going to ignore, or be oblivious to
> the full screen notification.
>
> I will grant that there is a large number of users that do not make
> cosmetic changes to their OS or Firefox, so they would be much more
> susceptible to an attack like this. But these users are also not likely to
> want a knob to turn off the notification.
>
> So, implementing an option, per site or globally, to turn off this nag
> doesn't seem like an entirely unreasonable request. I know I certainly
> would turn it off.
>
> On 08/16/2015 11:53 PM, Eric Rescorla wrote:
>
>
>
> On Sun, Aug 16, 2015 at 8:07 PM, Eric Shepherd <[email protected]>
> wrote:
>
>> I have to agree with Gavin here: the risk of this sort of attack
>> occurring is very low,
>>
>
> Do you have some evidence for this?
>
> -Ekr
>
>
>> but the potential for annoying or confusing users with this presentation
>> is, if not high, at least high enough to make it overkill. At least having
>> a way (even if it's an about:config only thing) to drop this reminder
>> once you have it through your head, would be helpful.
>>
>> Or what if we add a checkbox "don't show this again" BUT only after, say,
>> ten times displayed. That way you can be sure they have seen the warning.
>> Then when they opt to stop showing it, have a confirmation dialog remind
>> them of the risk. From then on, they don't get the reminder.
>>
>> Eric Shepherd
>> Sr. Technical Writer
>> Mozilla
>> Blog: http://www.bitstampede.com/
>> Twitter: http://twitter.com/sheppy
>>
>> On Aug 16, 2015, at 9:38 PM, Gavin Sharp <[email protected]> wrote:
>>
>> I'm not making any statement as asinine as "there's no point worrying
>> about security", and it's frustrating that that's something I would even
>> have to clarify.
>>
>> Richard stated he thought the current solution had a "small price" and I
>> disagreed with him.
>>
>> This boils down to a classic security/usability tradeoff. Those tradeoffs
>> are ultimately matters of opinion, not fact, and need to be made by
>> estimating what is likely in addition to understanding what is possible.
>>
>> None of us are the product owners responsible for making that tradeoff,
>> so having stated my opinion I'll defer to them.
>>
>> Gavin
>>
>> On Sun, Aug 16, 2015 at 6:16 PM, Chris Hofmann <[email protected]> wrote:
>>
>>>
>>>
>>> On Sun, Aug 16, 2015 at 5:52 PM, Eric Rescorla <[email protected]> wrote:
>>>
>>>>
>>>>
>>>> On Sun, Aug 16, 2015 at 5:49 PM, Gavin Sharp <[email protected]> wrote:
>>>>
>>>>> > But a 2-3 second box for each fullscreen transition seems like a
>>>>> > small price.
>>>>>
>>>>> Seems like a pretty large price to me, given a combination of factors:
>>>>> - significant added friction to a common user action ("start watching
>>>>> this video in fullscreen")
>>>>> - low likelihood that the type of attack this mitigates ("fullscreen
>>>>> spoofing") is successful even without any mitigation, and the
>>>>> relatively high cost/benefit ratio for such an attack
>>>>>
>>>>
>>> Not sure if I understand the point you are trying to make with this and
>>> the next item below.
>>>
>>> Are you saying that there is high cost to building such an attack and
>>> low benefit to the attacker?
>>>
>>> Are you suggesting that a small level of defense is worthless, so it's
>>> better to just get rid of all the defenses?
>>>
>>> Good reading from a few years ago, with the proof of concept to go along
>>> with it.
>>> http://feross.org/html5-fullscreen-api-attack/
>>>
>>> The "full screen browser mode" to "full screen video" is an interesting
>>> scenario.
>>>
>>> What's the likelihood of increased targeted attacks against Firefox if
>>> we remove or reduce the defenses?
>>>
>>> -chofmann
>>>
>>>
>>>
>>>>> - low likelihood that it usefully mitigates a sophisticated attack of
>>>>> this sort
>>>>>
>>>>
>>>> Can you please point to some supporting documentation for these claims?
>>>>
>>>> -Ekr
>>>>
>>>>> - low rate of abuse of pre-existing equivalent functionality (e.g.
>>>>> Flash's fullscreen)
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>> Gavin
>>>>>
>>>>> On Sun, Aug 16, 2015 at 12:15 PM, Richard Barnes <[email protected]> wrote:
>>>>> > This prompt is an important part of the security story for fullscreen.
>>>>> > Since a fullscreen web app can hijack your entire browsing session, it's
>>>>> > important that the user know that he's entering fullscreen and not looking
>>>>> > at an actual browser window -- and to know that every time something goes
>>>>> > fullscreen.  So if we're going to back off of displaying the prompt every
>>>>> > time, we need to be clear that we're assuming that the user can make this
>>>>> > distinction.
>>>>> >
>>>>> > That honestly seems like a bad deal to me.  If the prompt stays up (as
>>>>> > Brian mentions), that's a bug and we should fix it.  But a 2-3 second box
>>>>> > for each fullscreen transition seems like a small price.
>>>>> >
>>>>> > --Richard
>>>>> >
>>>>> > On Sat, Aug 15, 2015 at 9:55 AM, Brian Smith <[email protected]> wrote:
>>>>> >
>>>>> >> IIUC, the reminder is supposed to go away after a few seconds. However, I
>>>>> >> have experienced the case, many times, where the reminder stays on screen
>>>>> >> for the entire video. IIRC, if I restart the browser and replay the same
>>>>> >> video again, then the reminder goes away.
>>>>> >>
>>>>> >> HTH,
>>>>> >> Brian
>>>>> >>
>>>>> >> On Sat, Aug 15, 2015 at 12:17 AM, Jared Wein <[email protected]> wrote:
>>>>> >>
>>>>> >> > Including dev-media and dev-security.
>>>>> >> >
>>>>> >> > On Fri, Aug 14, 2015 at 11:53 PM, Eric Shepherd <[email protected]>
>>>>> >> > wrote:
>>>>> >> >
>>>>> >> > > Chris wrote:
>>>>> >> > >
>>>>> >> > > After quite a while of watching HTML 5 video content in fullscreen, I'm
>>>>> >> > > getting a bit tired of being reminded with a huge banner at the top that
>>>>> >> > > yes, I can still hit ESC to exit fullscreen mode. For those like myself
>>>>> >> > > that have gotten tired of seeing this message, could there possibly be an
>>>>> >> > > option somewhere (maybe in about:config) that allows the user to turn them
>>>>> >> > > off? It's been years now. What do you think?
>>>>> >> > >
>>>>> >> > > OMG yes please. I know how to get out of full screen mode. Make the
>>>>> >> > > reminders stop! :)
>>>>> >> > >
>>>>> >> > > --
>>>>> >> > >
>>>>> >> > > Eric Shepherd
>>>>> >> > > Senior Technical Writer
>>>>> >> > > Mozilla <https://www.mozilla.org/>
>>>>> >> > > Blog: http://www.bitstampede.com/
>>>>> >> > > Twitter: http://twitter.com/sheppy
>>>>> >> > > Check my Availability <https://freebusy.io/[email protected]>
>>>>> >> > >
>>>>> >> > > _______________________________________________
>>>>> >> > > firefox-dev mailing list
>>>>> >> > > [email protected]
>>>>> >> > > https://mail.mozilla.org/listinfo/firefox-dev
>>>>> >> > >
>>>>> >> > >
>>>>> >> > _______________________________________________
>>>>> >> > dev-security mailing list
>>>>> >> > [email protected]
>>>>> >> > https://lists.mozilla.org/listinfo/dev-security
>>>>> >> >
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> https://briansmith.org/
>>>>> >>
>>>>> > _______________________________________________
>>>>> > dev-media mailing list
>>>>> > [email protected]
>>>>> > https://lists.mozilla.org/listinfo/dev-media
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
>
>
>
> --
> Bluefang-Logic Networks:
>
> Scaled for your pleasure.
>
>
>
>