> On Mar 6, 2015, at 6:18 PM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote: > > On 2015-03-06 1:14 PM, andreas....@gmail.com wrote: >> >>> On Mar 6, 2015, at 5:52 PM, Anne van Kesteren <ann...@annevk.nl> wrote: >>> >>> On Fri, Mar 6, 2015 at 6:33 PM, <andreas....@gmail.com> wrote: >>>> Is the threat model for all of these permissions significant enough to >>>> warrant the breakage? >>> >>> What breakage do you envision? >> >> I can no longer unblock popups on sites that use HTTP. The web is a big >> place. It will take a long time for everyone to move. > > I think Anne is not proposing that. He's proposing blocking persisting those > permissions. IOW you would be able to still show popups from these websites, > but you won't be able to ask Firefox to remember your preference.
I know but we will break the persisting. The user will be annoyed that popup unblocking doesn’t work as expected on HTTP sites. I am all for securing dangerous permissions but popups and notifications seems more like we are wagging our finger at the user in unhelpful ways. Most users will simply think Firefox is broken. Thanks, Andreas > >>> Having said that: >>> >>> * Geolocation allow for tracking the user >>> * Fullscreen allows for impersonating the OS >>> * Pointer Lock allows for spoofing >> >> The two seem fairly trivial problems. The user will simply stop going to the >> spamming site. I don’t think it makes sense to treat them in the same bucket >> as the above 3. > > I agree that the above three are more important problems to address, FWIW. > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
