Almost exactly a year ago I wrote a blog post explaining how permission prompts are a particularly problematic area for a functioning extension ecosystem. While at this point it was already clear that Firefox would show some kind of permission prompt, I hoped that Mozilla would put more thought into it than Chrome did. Unfortunately, this didn’t quite happen. In fact, as I now experienced, the permission prompt in Firefox turned out significantly worse than the one in Chrome.
Two days ago I released a new version of my Google search link fix extension. I finally got to turning that “run on all websites” permission into a list of specific domains, with all of 193 Google domains. And the backlash came immediately, in form of this review (translated from Russian):
“Google search link fix has been updated. You must approve new permissions before the updated version will install. Choosing “Cancel” you will maintain your current add-on version. It requires your permission to:
- Access your data for sites in the yandex.com domain
• Access your data for sites in the yandex.com.tr domain
• Access your data for sites in the yandex.by domain
• Access your data in 197 other domains”
Developers, re-read the name of your extension.
This prompt doesn’t show up on the stable Firefox release yet, but Firefox Nightly indeed shows it:
I guess that I must consider myself lucky for having implemented this change so early. A few months later I would have received lots of comments like that, as all users would have seen this prompt. As I explained in my previous blog post, permission prompts on update are particularly disruptive and should be avoided if somehow possible. However, Firefox is currently displaying them even if the extension’s permissions got reduced like in this case.
The other issue is the way the information is presented. I didn’t expect the order to matter so I put Google domains last. But that’s confusing to users if only three domains are being displayed, with Google Search being the primary target for this extension. Worse yet, with no way of listing the remaining domains users suspect that something malicious is going on.
It seems that the use case “run on various search pages” is common enough that Chrome developers chose to special-case it. The permission prompt displayed by Chrome is way more straightforward:
This also leaves me hoping that Chrome won’t display a permission prompt just because a future update added a new Google domain. Still questionable whether I want to add support for more search engines in future, but it probably won’t confuse users all too much.
As to Firefox, I’m considering re-adding
https://* permission while I can still do it (meaning: most users won’t see the permission prompt on update). Otherwise future updates might turn out quite disastrous.
Hello. Mentioned prompt warned me about accessing to all my data not just some domains as you informed.
That’s because I already implemented the change mentioned at the bottom of the blog post. The permissions on Firefox are back to “all websites” even though the extension is only active on specific domains.
I would not recommend you to go back to a “https://*” permission prompt. Some time ago I received a notification from Firefox about your plugin now wanting access to all websites and refused to update it. While it may make a few things easier for you, you’re misleading your users most of whom are privacy conscious.
The good news is: most people have never seen that prompt because permission prompts on update aren’t enabled in stable Firefox yet. So right now is my last chance to change it back to “all websites” and I’ve taken it.
As to misleading users who care, these users aren’t helped by the message stating that my extension requires access to 200 domains, most of which they cannot see. Nor is it helpful if they see the same message whenever Google decides to set up one more domain. I don’t like requesting access to all websites any more than you do, but the current Firefox implementation is simply broken for this use case.
I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1387695 on implementing things in the same way Chrome did. Once this is done, the permission prompt should list merely three domains, so that users can actually understand what’s happening. More importantly, no permission prompt will appear on update if merely yet another Google domain has been added. And if https://bugzilla.mozilla.org/show_bug.cgi?id=1373434 is fixed as well, I’ll happily remove requesting access to all websites again.
For reference, AMO statistics show that the vast majority of users updated to version 1.6.5 already. The update speed is quite consistent with back when version 1.5.4 was being phased out. Most people who didn’t update yet are on 1.6.3 rather than 1.6.4, so it doesn’t look like too many people are concerned by that update prompt.