On 5/6/15 10:02 AM, Ehsan Akhgari wrote:
> 1. The scenario that you're describing is already possible on the Web,
> through Flash. However, I have not seen any evidence of this kind of
> thing ever occurring in the wild. Given the fact that people have
> literally had years to start trying to do this. Web sites do have an
> incentive to not annoy users, and we have seen how they have largely
> stopped doing annoying things such as blocking the context menu in the
> past.

Well... Did Flash offer sites a way to do this without user interaction?
I don't know for sure, but I assumed it had to be invoked by a user
action... I remember a couple of popular URL shortener sites using Flash
for this, and they always required a conspicuously-extra click on a
"copy to clipboard" button. (Entering full-screen had the same
requirement too, IIRC.)

I think the "web sites do have an incentive to not annoy users" claim is
dubious too. Some sites certainly do, but we still see widespread
annoyance/abuse of features like popups, onbeforeunload traps, playing
unexpected audio in background tabs. And some legit sites (eg wendys.com
/ t-mobile.com) kind of abuse geolocation by prompting for it on every
page upon page load.

This isn't such a severe problem that we have to completely solve it
right away, but I'd hate to see us painted into a corner where we have
no options for mitigating abuse or giving our users control.

> 2. Even if we decided that this is a serious issue that we need to
> solve, there is no good solution here.

One off-the-cuff thought would be to place some reasonable restrictions
on the usage (tab must be in foreground, maybe in response to a user
interaction), and perhaps provide some (fairly subtle) UI indication of
when it's invoked. That at least gives the user a chance to see a
clearer cause/effect.

Or, along the vein of retroactively revoking permissions -- just keeping
a usage log somewhere. That at least enables motivated/SUMO users to be
able to discover what site is causing the problem, and then either
revoke it off or stop going there. Seems like kind of an interesting
idea that would scale to other seldomly-abused permissions...
Justin