Closed Bug 1621213 Opened 5 years ago Closed 5 years ago

Request user's permission to do anything with a WebExtension experiment

Categories

(Thunderbird :: Add-Ons: General, enhancement)

Product:
Thunderbird
Component:
Add-Ons: General
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 76.0

People

(Reporter: darktrojan, Assigned: darktrojan)

References

Details

Attachments

(3 files, 1 obsolete file)

permission prompt
(deleted), image/png
mkmelin
: feedback+
aleca
: feedback+
Details
permission prompt
(deleted), image/png
Details
1621213-experiment-permission-2.diff
(deleted), patch
mkmelin
: review+
Details | Diff | Splinter Review

Now that extensions require user permission to do some things, users may reasonably expect that if their permission is not requested, an extension cannot do a lot of things. But that isn't the case with experiments. We need to add a generic permission and/or warning for all extensions that contain experiments. Perhaps we have some useful text from previous versions.

Depends on: 1621841
Depends on: 1623575
Attached image permission prompt (deleted) —

I have the code to do this mostly figured out, but I'm not a fan of the wording, which I took from the warning about unsigned extensions in Firefox, with the first sentence changed.

What I'm trying to tell the user is that although we have an add-ons permissions system, some code in the add-on lives outside it and could do anything without asking for permission. Potentially the "It requires your permission to:" section might not even be there. The "Learn more" link could potentially provide a much more verbose explanation if needed, once it works (bug 1623575).

Edit: I should point out for those not familiar with this prompt, everything except the "Caution: …" part already exists.

Attachment #9134572 - Flags: feedback?(mkmelin+mozilla)
Attachment #9134572 - Flags: feedback?(alessandro)
Comment on attachment 9134572 [details] permission prompt It's not too bad. Maybe it should list it's asking permissions to "Have full, unrestricted access to everything"
Attachment #9134572 - Flags: feedback?(mkmelin+mozilla) → feedback+
Comment on attachment 9134572 [details] permission prompt Yes, I like this a lot. Indeed, as Magnus suggested, maybe rewording it a bit like: "Caution: This Add-on might potentially gain full, unrestricted access to your system. Malicious..." From this, comes the question if it would be possible to restrict system access to add-ons.
Attachment #9134572 - Flags: feedback?(alessandro) → feedback+
Attached image permission prompt (deleted) —

Take two: a combination approach. Only the experiment "permission" in the list of permissions and a warning paragraph afterwards which only shows for experiments. I like this one.

Attachment #9135908 - Flags: feedback?(mkmelin+mozilla)
Attached patch 1621213-experiment-permission-1.diff (obsolete) (deleted) — Splinter Review
Attachment #9135909 - Flags: review?(mkmelin+mozilla)

What it can do is not limited to things within Thunderbird though, which is what my "Have full, unrestricted access to ..." was trying to convey.
Maybe "Have full, unrestricted access to your system"

Comment on attachment 9135908 [details] permission prompt (Like I wrote earlier, I think the Thunderbird reference is misleading.)
Attachment #9135908 - Flags: feedback?(mkmelin+mozilla)

That's why I added the longer text below it, which does say an extension can do things outside Thunderbird.

We don't want this message to be too scary, given that most extensions will be using an experiment for the foreseeable future.

Andrei rightly pointed out that we shouldn't show the part about malicious add-ons and trusting the source when the source is ATN, because all add-ons available there are reviewed by humans. With that in mind how about this:

Add XYZ extension?
It requires your permission to:

  • Have full, unrestricted access to Thunderbird, and your computer.

(This line only if install is not from ATN.) Malicious add-ons can steal your private information or compromise your computer. Only install this add-on if you trust the source.

I want to keep the mention of Thunderbird in the permission string because it makes the message more reassuring without being incorrect. Also I don't like the word system in this context.

Flags: needinfo?(mkmelin+mozilla)

Ok let's go with that.

Flags: needinfo?(mkmelin+mozilla)
Comment on attachment 9135909 [details] [diff] [review] 1621213-experiment-permission-1.diff Review of attachment 9135909 [details] [diff] [review]: ----------------------------------------------------------------- ::: mail/locales/en-US/chrome/messenger/addons.properties @@ +167,5 @@ > webextPerms.optionalPermsAllow.accessKey=A > webextPerms.optionalPermsDeny.label=Deny > webextPerms.optionalPermsDeny.accessKey=D > > + needless extra blank here
Attachment #9135909 - Flags: review?(mkmelin+mozilla)

String changed. Warning about untrusted sources removed for ATN installs.

Attachment #9135909 - Attachment is obsolete: true
Attachment #9136244 - Flags: review?(mkmelin+mozilla)
Comment on attachment 9136244 [details] [diff] [review] 1621213-experiment-permission-2.diff Review of attachment 9136244 [details] [diff] [review]: ----------------------------------------------------------------- ::: mail/locales/en-US/chrome/messenger/addons.properties @@ +180,5 @@ > webextPerms.description.devtools=Extend developer tools to access your data in open tabs > webextPerms.description.dns=Access IP address and hostname information > webextPerms.description.downloads=Download files and read and modify the browser’s download history > webextPerms.description.downloads.open=Open files downloaded to your computer > +webextPerms.description.experiment=Have full, unrestricted access to Thunderbird, and your computer %S, not Thunderbird
Attachment #9136244 - Flags: review?(mkmelin+mozilla) → review+

and that may want a localization note too

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/2373d7011959
Request user's permission to do anything with a WebExtension experiment. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 76.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: