Consider coalescing permissions UI for same domain across multiple TLDs (and especially for google)
Categories
(WebExtensions :: General, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: zombie, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [mv3-m2])
Quoting Rob Wu:
Chrome collapses host permissions where host minus eTLDs are collapsed.
www.google.co.uk, www.google.com, www.google.nl, maps.google.com becomes "www.google.com and maps.google.com". For the logic and references to code, see https://source.chromium.org/chromium/chromium/src/+/main:extensions/common/permissions/permission_message_util.cc;l=40;drc=a1e1598b6309e8a8094a3fbef99dfeb9c6e4e042 and crbug.com/72732In contrast, Firefox just dumps the full list of hosts, see the "Permissions" section at https://addons.mozilla.org/en-US/firefox/addon/dont-track-me-google1/ for an example.
We've had developers ask this, most often for google.* domains, since that's basically the only global company that actively operates user-facing domains across more than a handful TLDs.
I even considered adding a special google.*
permission just for this usecase, but it turns out Chrome has managed to back into a similar result from the opposite end, and is probably worth considering.
Comment 1•3 years ago
|
||
I cannot determine from the Chrome code how this is done safely. What if someone else ends up owning google.whatever
? It also seems somewhat bad to favor/special-case specific companies.
Comment 2•3 years ago
|
||
Anne, what would the issue be with using the eTLD service?
Comment 3•3 years ago
|
||
Shane, how would the Public Suffix List help in determining that google.com and google.nl have the same owner?
Comment 4•3 years ago
|
||
IIUC The point here is simplifying some ui.
in the permission type prompting, something like:
Access to amazon.com
Access to multiple google domains
in the addon permissions, perhaps something like:
[+] google.* [enable|disable]
hitting the + expands to
[+] google.* [enable|disable]
google.com [enable|disable]
google.nl [enable|disable]
google.something [enable|disable]
I'm not certain ownership is terribly important with this as we would still want granular capability. Aside from that, are users going to know that google.com and google.something are not owned by google?
Comment 5•3 years ago
|
||
In the current situation, where a user is shown a prompt with 100+ Google domains, what are the odds that they would see google.something
amidst the lot of other Google domains? I don't think that we need to worry about users getting confused that "google.com and google.something are not owned by google".
Updated•3 years ago
|
Updated•3 years ago
|
Description
•