Open Bug 1510557 Opened 6 years ago Updated 2 years ago

Add link to enable session restore to quit warning for people who don't have automatic session restore enabled

Categories: Firefox :: General, enhancement, P5

Tracking Status: firefox65 --- affected

People: Reporter: Gijs, Unassigned

This is a follow-up for bug 1506173 to add a link to the "quit and close" dialog for users without automatic session restore, to enable such users to quickly enable automatic session restore. This is a follow-up because:

- we want to implement it behind a feature-pref so we can compare if having that text helps people use Firefox more / has positive effects on retention.
- it's not strictly necessary to fix the regression in bug 1506173
- it's more complex to implement because it requires a different (custom) dialog type, rather than a "standard" dialog from the prompt service

I think it would be better not to implement this link "Turn on session restore in preferences".

See bug 530594, bug 650298 etc.
"Session restore" leads to an "eternal session", you stay logged in even after you quit the browser, and it's not at all obvious to users.

The user might have deliberately chosen to turn it off, because it has severe privacy implications: Google and co can track me essentially forever (unless I explicitly delete cookies). So, we should not recommend this setting - it's simply a user choice. A user who has made this choice would then constantly see our recommendation to turn on session cookies. This is not the message we should give.

This appears on every quit. If I have explicitly chosen to not have this on, for privacy reasons, and Firefox asks me every time I quit the browser to enable the preference, as if something was broken, I think that's way too strong.

We should not be asking for options that *decrease* privacy or security.

(In reply to Ben Bucksch (:BenB) from comment #2)
> I think it would be better not to implement this link "Turn on session
> restore in preferences".
> 
> See bug 530594, bug 650298 etc.
> "Session restore" leads to an "eternal session", you stay logged in even
> after you quit the browser, and it's not at all obvious to users.

Cookies generally do this, not just session cookies, and not just when you enable session restore, which is what that bug is about. Unless you opt in to clearing cookies on shutdown, non-session cookies can and do track you anyway.

Is this surprising: yes.
Is there an easy solution to have session restore "work" as people expect, and still not lengthen session cookies at all: no.
Can websites have cookies that persist longer than 1 session irrespective of the session restore setting: yes.

> The user might have deliberately chosen to turn it off

It's not turned on by default, so you're mischaracterizing how this interaction works. You don't "turn it off" - you have to *explicitly* turn it on, and most people don't. This link is an opportunity to give people a contextual recommendation that this is something they might want.

> , because it has
> severe privacy implications: Google and co can track me essentially forever
> (unless I explicitly delete cookies).

As noted above, they can do that without the session cookie issue. Disabling session restore on its own doesn't improve privacy, you'd need to also delete all the other cookies all of the time, which is something very few people do because the usability implications aren't very nice.

> So, we should not recommend this
> setting - it's simply a user choice. A user who has made this choice would
> then constantly see our recommendation to turn on session cookies. This is
> not the message we should give.

We suspect that in practice people don't find that option and/or don't connect it with the problem of "all my stuff goes away when I close the browser". Whether the one sentence linking to the option constitutes a "recommendation" is a separate question - but in context, I think it's pretty clear that this is saying "you're about to throw stuff away, you can tell Firefox not to throw stuff away [here] if you like".

> This appears on every quit. If I have explicitly chosen to not have this on,
> for privacy reasons,

As said, this is the default, and there is no way for Firefox to distinguish this choice from the user not having made a choice at all and/or not being aware the choice exists.

> We should not be asking for options that *decrease* privacy or security.

There's no factual basis for this statement. This option is completely orthogonal to security - without automatic session restore enabled the exact same data is still stored on disk (for the user to retrieve manually with "restore previous session") and a malicious actor could still retrieve it, with the same access assumptions. In terms of privacy, the only issue you've highlighted is with session cookies, and as I already said, other cookies have the same privacy implications.


> and Firefox asks me every time I quit the browser to
> enable the preference, as if something was broken, I think that's way too
> strong.

Continuously showing a link that you have no use for does add some (minute) cognitive overhead, so we could potentially do something like no longer showing the link after showing it 5 or 10 times or whatever. Amy, thoughts?
Flags: needinfo?(amlee)

I think bug 650298 well illustrates the problem. Users expect to be logged out when they quit the browser. That is a security feature. Novice users often shut down the browser, just to be sure that everything is logged out. If they are not, this can lead to security problems.

Per definition, a "session" ends at the latest when the browser quits. By prolonging the session over browser quits, we're breaking the most basic semantic of "session cookies". If the user opts into this, fully knowing what it does, then it's OK, but we should not so actively and forcefully promote such a problematic preference, esp. for users who might not realize the implications.

If we want to soften the message so it seems less like a recommendation, we could change the string to:

Manage "Restore previous session" settings in Preferences

It's not as actionable or direct, but it makes the point.
Flags: needinfo?(gijskruitbosch+bugs)

(In reply to Ben Bucksch (:BenB) from comment #4)
> I think bug 650298 well illustrates the problem. Users expect to be logged
> out when they quit the browser. That is a security feature. Novice users
> often shut down the browser, just to be sure that everything is logged out.
> If they are not, this can lead to security problems.

The same "security problems" exist without toggling this pref, as I already said. The data is still saved.

(In reply to Meridel from comment #5)
> If we want to soften the message so it seems less like a recommendation, we
> could change the string to: 
> 
> Manage "Restore previous session" settings in Preferences
> 
> It's not as actionable or direct, but it makes the point.

This works for me, but I'll let Amy make a decision.
Flags: needinfo?(gijskruitbosch+bugs)
Priority: -- → P2
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED

> The same "security problems" exist without toggling this pref, as I already said. The data is still saved.

That's a bug then, as it violates assumptions of both the website and most normal end users.

We shouldn't make it a feature. And certainly not prominently promote this feature here. It will simply bite users.

I think from a product perspective we actually *want* to promote this feature to determine if there is an increase in engagement with users that turn Session Restore on. We can soften the message as mentioned in comment 5 to be less of a recommendation but I would like to get Peter's input on this.
Flags: needinfo?(amlee) → needinfo?(pdolanjski)

Unassigning for now.
Assignee: gijskruitbosch+bugs → nobody
Status: ASSIGNED → NEW
Component: General → Session Restore

The quit warning is really not something to do with session restore itself, even if the link needs to point there.

Component: Session Restore → General
Priority: P2 → --
Priority: -- → P5

Per Amy's comment - https://bugzilla.mozilla.org/show_bug.cgi?id=1510557#c8

Peter is gone now, should someone own this? Could this be affecting retention?

Flags: needinfo?(pdolanjski)

(In reply to Mike Kaply [:mkaply] from comment #12)
> Per Amy's comment - https://bugzilla.mozilla.org/show_bug.cgi?id=1510557#c8
> 
> Peter is gone now, should someone own this? Could this be affecting retention?

--> fwd to Romain.

Flags: needinfo?(rtestard)

Thanks for the ping. I discussed with Raja and Kamyar who researched session restore, output from their work:
https://docs.google.com/document/d/1jTnSvg2zfZOHeUsNTcYOD6WtHB6E1sq_P13pa1gLpLE/edit#
This research was about automatically enabling session restore as default - not many respondents were welcoming to the idea of turning on automatic session restore by default. And many of those who were, already had enabled that feature.
This bug sounds like a way to expose the feature in a non-forceful way - the results of the study UR conducted do not directly go against that approach.
I'm adding this to our backlog of growth opportunities, intention being to have this prioritized in the next 6 weeks.

Flags: needinfo?(rtestard)
Severity: normal → S3