Feeling safer online with Firefox
The latest privacy and security improvements in Firefox
[This post originally appeared on Medium]
Firefox is the only browser that answers only to you, our users; so all of us who work on Firefox spend a lot of effort making your browsing experience more private and secure. We update Firefox every 6 weeks, and every new change ships to you as fast as we can make and verify it. For a few releases now, we have been landing bits and pieces of a broader set of privacy and security changes. This post will outline the big picture of all these changes.
Site Identity and Permissions Panel
The main project involved improvements to the way Firefox handles permission requests from sites that want to do things that the web platform doesn't allow by default - like accessing your laptop's camera or GPS sensor. To find out how our existing model fares, we ran it through a number of user studies and gathered feedback from users and web developers alike.- It’s easy by design to dismiss a permission prompt, to prevent websites from nagging you. But it’s not so obvious how to get back to an inadvertently dismissed prompt, which users found confusing.
- Managing the permissions of an individual site was hard, due to the multitude of presented options.
- It was cumbersome to grant access to screen sharing. This was because it was difficult to select which area of the screen would be shared and because screen sharing was only permitted on websites included in a manually curated list.
Elevated Privileges for Non-Default Permissions
By default, web sites need an elevated level of privilege to access your computer hardware like camera, microphone, GPS or other sensors. When a site requests such a permission and the user grants it, the Site Identity panel will display the allowed item along with an "x" button to revert it. In the case of particularly privacy-sensitive permissions, like microphone or camera access, the icon will have a red hue and a gentle animation to draw attention.When a site has been granted elevated privileges, the "i" icon in the URL bar is badged with a dot that indicates the additional information present in the Site Identity panel. This lets you assess the security properties of your current session with a quick glance at the awesomebar, where the "i" and lock icons are displayed together.
Users who want even more fine-grained control over all available permissions can go to the Permissions tab in the Page Info dialog (right arrow in the Identity panel -> More Information).
Permission Prompt and Dialog
Permission dialogs are now more consistent than before, both in terms of available actions and messaging.When a site asks for a permission, a permission prompt appears with a message and iconography specific to the type of permission being requested and the available actions. Most of the time, there will only be two: allow or don’t allow access. The default action will stand out in a blue highlight, making the common action easier to perform.
Furthermore, disallowed permission requests are now displayed as strikethrough icons in the Awesome Bar to hint at the potential cause of site breakage. For example a video conferencing site will probably not be functioning very well if you reject its camera permission request. So the crossed-out camera icon will remain afterwards, next to the "i" icon, to remind you of that fact.
Audio, Video and Screen Sharing Permissions
WebRTC-related permissions have even more new changes.For starters, screen sharing now doesn't require sites to be added to a separate whitelist. This means that all sites can now use WebRTC screen sharing in Firefox.
Also, screen sharing now includes a preview of the content that will be shared to make it easier to identify the right screen, application or window to share.
Moreover, when you have granted a video conferencing site access to both your camera and microphone, reverting the permission grant for one permission will also revert it for the other. This will help you avoid accidentally leaking your private data.
Add-on Panel Improvements
While working on these security improvements we fixed some old platform panel bugs that used to affect all kinds of panels, including those created by add-ons. Therefore if you are using an add-on that displays popup panels you should have an improved experience even if the panels are not related to permission prompts.Error Pages
And finally, error pages also received some new smarts.The most common cause for secure connection errors turns out to be user systems having the wrong time. Firefox will now detect when your clock seems way off and will suggest in the error message how to fix it.
Another common cause for broken connections is the presence of a captive portal. Firefox will now detect that case and prompt you to log in the captive portal. Even though some operating systems have built-in support for detecting captive portals, if you regularly use social network accounts to log in, the experience with Firefox will be smoother. This change is now in Nightly and Developer Edition versions and should ship soon in the stable release.
Looking back at what we managed to accomplish in the last few months makes me proud to work with this fabulous team of talented and passionate engineers, designers, user researchers, QA engineers, product and project managers. But of course we are far from being done with privacy and security improvements for our users. Stay tuned for more exciting Firefox privacy and security updates in 2017!
[Many thanks to Bram Pitoyo, Nihanth
Subramanya, Tanvi Vyas, Peter Dolanjski, Florian Quèze, and Johann
Hofmann for reviewing drafts of this post.]
7 comments:
Thank you so much for your work on Firefox <3
Looking forward for a great 2017
That is all great! Thank you for the work. What about this feature: https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers#Site-specific_Containers ? Sounds very interesting.
Awesome!
Will we see similar UI in Firefox Android?
Very good improvements.
There's a lot of useful comments on HN though, especially considering the wording. I'll just leave a link here instead of reposting it: https://news.ycombinator.com/item?id=13390846
Uh, whatever, these are the two most important:
> Awesome changes.
>
> One suggestion: In the Control Center™, I would recommend using the past-tense for the current state. E.g.,
>
> Receive Notifications Allowed X
> Access Your Location Allowed X
> Maintain Offline Storage Allowed X
>
>As it exists in the screenshots, the present tense is used, and the X button seems to be associated with the word "Allow." Further clarification could be achieved by making the X button actually say "Disallow" and giving it a border separate from the word "Allowed." E.g.,
>
> Receive Notifications Allowed [Disallow]
and:
> The status "Use the Camera - Allow - X" can be confusing. Is the site currently allowed to use the camera, or not? The word Allow could either mean "currently allowed" or "click to allow." The X could mean either "currently blocked" or "click to block."
- Still can't manage local storage objects.
- Cookie Manager still needs an overhaul.
- WebRTC still leaks the local network.
- 3rd Party JavaScript is STILL allowed to lock up the browser until booby trapped buttons are pushed.
- Password Manager needs overhaul.
Its a nice start. But there's still work to do.
We are going to experiment with Containers in Test Pilot soon, stay tuned!
Android is a different matter though. The small screen size in mobile devices isn't a good fit for some of the design decisions we made for desktop. Other parts though are likely to be introduced to Firefox for mobile in the future.
About string suggestions, we will certainly take all feedback into consideration. It should be noted though that the experience of using a feature is not always the same as the experience of looking at a static screenshot.
@Omega X: most of these areas are being worked on, but I must confess I don't understand what the 3rd party JS bullet point is about.
Thanks for all the feedback so far!
Mozilla is the only pure part of Internet
Post a Comment