----- Original Message ----- > From: "Lucas Adamski" <[email protected]> > To: "Jared Wein" <[email protected]> > Cc: "security-group group" <[email protected]>, > [email protected], "Kev Needham" > <[email protected]>, "Madhava Enros" <[email protected]>, "Stephen Horlander" > <[email protected]>, "Justin > Dolske" <[email protected]>, "Asa Dotzler" <[email protected]> > Sent: Monday, April 2, 2012 5:28:23 PM > Subject: Re: Opt-in activation for plugins (aka click to play) > > On Apr 2, 2012, at 5:16 PM, Jared Wein wrote: > > > ----- Original Message ----- > >> From: "Lucas Adamski" <[email protected]> > >> > >> ... > >> • User is tired of always clicking to play a given plugin (i.e. > >> YouTube, or their favorite Java game site) > >> • A user has clicked on this four times in 30 days, so > >> automatically enable this plugin on this site up to 30 days > >> after > >> last played or until user revokes this permission > >> (about:permissions?) > > > > I think we should go with a simpler and more predictable model of > > providing a checkbox that is default-unchecked which remembers the > > setting on a per-site basis. If we want to expire permissions, I > > think we should do it on a longer timeline, more in the range of > > 3-6 months. > > > > - Jared > > How would you implement a checkbox in a normal click-to-play > (in-content) experience? > > To be clear that's a 30 day sliding window from last time content was > played there. So if you visit a given site with plugin content (say > youtube.com) at least once every 30 days, you conceivably should not > see that prompt again unless you become vulnerable to a security > issue. > > Also, to be honest I'm picking arbitrary numbers like 30 days and 4 > times mostly to stimulate conversation. :) > Lucas.
We can put checkboxes in the plugin overlay, similar to what we have for crashed plugins. When the overlay is too small to use we can add secondary options in the doorhanger dropdown for users to choose to remember the settings. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
