267 comments

[ 0.17 ms ] story [ 496 ms ] thread
I think that no matter what solution the browsers decide on, we will always have to fight the “pre-permission prompts” from websites. These are the homemade prompts in JS and html that the sites pop up that essentially ask if you want to be prompted for the real permission. Once you click accept on their dialog, they hit the real browser api to show the native dialog.
At least those can be blocked with adblockers.
I actually mind those a lot less, since these prompts can be used to properly set expectations about how the notification permission will be used.

Or at least, I mind these a lot less in theory, since it feels like they're rarely implemented this way. It's a golden opportunity for app developers to explain why they want to send you notifications, what benefit you'll get from it, and how often you should expect to be notified, and recipe sites are using it to trick you into effectively signing up for a mailing list.

Yes! I hate the notifications prompt showing up on the landing page of a website. I definitely support the browser blocking nuisances until there's user interaction, things such as: sound, videos, popups, and request for permissions.
god forbid you leave firefox set to never remember history, you don't get the option to block sites forever. So every time you hit a reddit link it will gleefully present you with a prompt about notification permissions.
Wow thank you for pointing that out. I have always set my browsers to never remember history, if I want to remember it, I will use a bookmark. Consequently Reddit mobile will totally spam me, making it even more unusable than before.
Alternatively you can workaround the issue by telling firefox to delete history on close. This will allow you to block notifications per-session.
It seems to have gotten much worse on reddit lately. I would not be surprised if that is what pushed them to start to do something about it.
Firefox has a "Block new requests asking to allow notifications" checkbox in the Notifications settings under Privacy. This can be done for all prompts and will permanently disable all prompts unless you whitelist a website, essentially.
That's not entirely true. Remembering history is also different from remembering permissions. Firefox should persist those independently from actual URLs in browsing history.

And there's a button in settings where you can disable permission prompts for notifications globally.

> That's not entirely true. Remembering history is also different from remembering permissions.

Explain how it isn't true. I described a behavior with Firefox that's problematic and caused by 'automatic private browsing', which is what you get when you set 'never remember history'. When this is done it does not track state separately as you say.

Related: https://support.mozilla.org/en-US/questions/1140700

Also, for more fun and unexpected behavior with that mode: https://bugzilla.mozilla.org/show_bug.cgi?id=513421

Websites should not ask users for permission notifications. It only annoys the people using it. It is a bad idea!

If users are interested enough in your content, they will find a way to opt-in for notifications like email; an opt-in for notifications button or even RSS. Why would website owners assume that users want to get notifications only after 5 seconds of visiting a random site?

Some of them do have legitimate uses, like chat apps (messages.android.com for example). Otherwise though I do agree that they are a fairly bad idea.
There are certainly a few legitimate use cases. There should be an enable desktop notifications button or something similar in those cases.
Yea gitter is the only website I've given this permission to. It makes the user experience much better and so far they haven't abused it.
I'd add lichess.org as an example of well used notifications - telling you the opponent moved.
Pokémon Showdown uses it for both – telling you your opponent moved, and message notifications when used as a chat app.

It doesn't ask for the permission until you start a game or send a private message, though. I think the original version of the spec required an interaction before the permission prompt when I implemented it – I'm surprised the restriction was removed.

(comment deleted)
Even then, notification permission should not be requested without some sort of prior input from the user. A simple red bell icon with the hover text "enable notifications" would work so much better than the user being assaulted with the dialogue box right away.

It really is a shame to see how terribly these permission requests have been abused, especially by news sites. I see this is a push for engagement by management, and not sufficient pushback from developers against this dark pattern.

This is not a difficult feature to implement well, and we should know how to do it properly after years of mobile permission request design.

Yeah, it should require user interaction to trigger the prompt. In fact, some of the better websites do this already.

This should be the same for nearly everything, like:

- playing video/audio automatically - location access - direct GPU access

In fact, it would probably make sense to include all scripting (JavaScript and web assembly).

To make this suck less, the website should be able to request multiple permissions at once, with each permission able to be granted individually and websites able to put a short reason why each is being requested. Those permissions should show up in an easy to use menu for each site, like the TLS info button. Perhaps that same menu is the only way to enable/disable, so no popups, and all permissions are disabled by default.

I almost wonder if sites are hoping people will enable notifications by accident, and then read the content after getting notified. I know at least a few people who've clicked the "allow" button by mistake, and then couldn't figure out how to turn the notifications off.
That's certainly the logic, no doubt about it.
A do appreciate that browsers provide a standard way to ask for these permissions. For instance, I deny most of the "know your location" queries, but it is not infrequent that I do wish to use a Web service that asks to know where I am.

Pop-up is a bad way, the above proposal for (admittedly some more clutter) buttons in address bar is better.

I welcome this change. Notification prompts have lately become the new popups. Almost every WordPress blog under the sun now is nagging for notifications.
As a user, I don't even really understand what a "notification" is but it sounds annoying. I don't think I've ever allowed them when prompted. I didn't realize until reading this that I could disable these prompts entirely, but I have just done that.
About time. Introducing a feature like this without a "Go away, and never come back!" button was a big UX fail IMO.

On a related note, seems like desktop notifications would be a great venue for remote code exploits. Have there been any yet?

Under the big arrow next to the "Not now" button is a "Never on this site" button, of that's what you mean. Otherwise there is the settings item (which, admittedly was added recently)
I don't want a "never on this site" button, I want "disable popups forever and don't pester me again". Glad this can be done in the settings now.
I feel like Solution 1 is pretty close to what I see as the "solution".

I think for commonly requested permissions that are not commonly accepted, they should just use a smaller, more discreet icon for notifying the user; one that doesn't hang down over the chrome and block/cover up the site. That way, it can be easily ignored.

It should be more obvious than the one they're using in that solution. Maybe something equivalent to an icon next to the refresh button or something. The text icon they had in #1 was probably /too/ easy to ignore.

As someone with "not-so-tech-savvy" users on my website, this is bound to get ignored a lot. I have seen screenshots of my users (when they need support) and they dont even click "Okay" on the Cookie bar (to accept cookies and stuff) and / or any notification on the website (Not the Push Notification).
Is there a reason you have a cookie bar? The idea of a 'click ok' bar should be dead since GDPR adjusted the law. If it's not for tracking then you don't need a bar. If it is for tracking then whenever possible the site should work without opting in.
Good to see, I outright disabled them. Its pretty rare when I would ever want something like this.
The notification prompt should be a good lesson in feature creep for browser vendors. Pretty much applies to all "engagement" features: If you build it, it will be abused.
Downgrading the prompt to a non-popup icon in the address bar unless it follows a user action sounds like the perfect balance.

This won’t entirely stop sites which are properly trying to request the permission in the worst case, and the navbar icon is unobtrusive enough that if it gets spammed it’s no big deal.

Actually I think it makes sense to persistently show the notification icon in the navbar once the permission has been granted (same with mic, audio, and anything else) providing a quick glance at any privs that have been granted and an obvious way to revoke them.

The icons would then need granted and non-granted states, and perhaps even three states;

- Black : requested but not authorized

- Black with green check : granted

- Grey with red x: requested and denied

> Downgrading the prompt to a non-popup icon in the address bar unless it follows a user action sounds like the perfect balance.

Agreed. If it's in direct response to a user action (a sync response to a click or a tap on an element smaller than 300x300px, for example), I think it's perhaps more legitimate to have a more visible indication, like a strip across the top. (I'd want the element size constrained to avoid issues with sites adding `onClick` handlers to the `<body>` element or similar.)

> Actually I think it makes sense to persistently show the notification icon in the navbar once the permission has been granted (same with mic, audio, and anything else) providing a quick glance at any privs that have been granted and an obvious way to revoke them.

I believe Firefox already does this. It also shows you privileges which you've explicitly denied -- for example, if you disallow location access, you'll see a slashed compass next to the (i) button in the Awesomebar.

A nice tiling of invisible squares across the page can get around your element size restriction.
Do we even need the restriction.

We're talking about spammyness of a UI element because access requests are misaligned with user desire.

All you're saying is the site will pop up a request for access whenever I do anything, ok, how is that different to what we have no?

It's not going to be the norm, it's just going to be a few bad actors.

Doesn't mean we put up with spam everywhere else.

Aren't there already sites that show a fake permission request dialog? This won't stop them (and I don't see how you could without entirely removing the feature).
Yeah there's nothing you can really do about those as they're created using arbitrary DOM elements. This cuts back on the permission prompt spam that takes place directly with the Firefox UI.
This type of cancer is what we need in-page popup blockers for.

Mozilla has been promising to work on it and started a data collection program that I contributed to, but there are no news to share and the data doesn't seem to be publicly accessible. What a disappointment.

Nudge and you shall receive!

https://github.com/mozilla/popup-urls

Thank you for contributing!

Thanks!

Do you have information about the progress of the project? How about a new extension that makes you click to remove the pop-up? The data collected that way could almost directly go into a neural network.

Do you happen to know whether there are extensions to automatically answer GDPR pop-ups (indeed while blocking in page pop-ups these should probably receive special treatment)?

>> Downgrading the prompt to a non-popup icon in the address bar unless it follows a user action sounds like the perfect balance.

I disagree. There should be no UI for these. A site should essentially say "click here to enable XXX" as part of the page. Anything else is essentially a pop-up. I don't want buttons or controls in my browser to be controlled by a web site. BTW that includes the back button - why browsers ever allowed sites to take control from the user is beyond me.

> A site should essentially say "click here to enable XXX" as part of the page.

Then the site will just make their own annoying popup asking to enable notifications. By giving UI control to the browser, the browser vendor can decide how forceful it should be.

>why browsers ever allowed sites to take control from the user is beyond me.

Because users wanted sites to be able to control that?

> A site should essentially say "click here to enable XXX" as part of the page.

> why browsers ever allowed sites to take control from the user is beyond me.

These two statements don't fit together in my mind. Can you try to reconcile them so I can understand better what you're trying to say?

I'm afraid this will backfire. We might see another wave of "click this icon in your browser to receive the latest notifications!" pop-ups showing up. Which would then require an adblocker to block these kind of popups.

So we use an ad-blocker to block a popup, which only appears because a browser vendor decided to hide a popup.

This is absurd.

I'm not so sure. Right now, everyone uses the popup because there isn't an alternative. If there's an alternative, popup use will go down some - but how much?
No, that's fine. Because the "click this button in your browser" popup is part of the normal webpage DOM and can be blocked using existing tools. As opposed to this notification, which was (ab)using the browser itself to spam the user.
It’s not fine. Safari lets me disable the requests globally, which I did, because every stupid website asks for notifications permissions.

Since then, there’s a lot of in-page popups asking the same, exactly as described above. No adblocker seems to be effective against them, and writing custom rules for sites I visit once isn’t sensible use of time...

> Downgrading the prompt to a non-popup icon in the address bar unless it follows a user action sounds like the perfect balance.

But where should we put these non-popups? Perhaps we could have a dedicated bar for notifications, rss, and other services that a website offers, as well as any other relevant information. That way, we won't be clogging up the address bar. I'd happily sacrifice vertical 30px for that.

A "status bar", if you will.

This is exactly the correct behavior. I've been trying to figure out if it could be enabled through an extension.

I'm a little worried that sites will all start using javascript to trigger stuff following any user action, much like a bunch of terrible sites do now with popup ads. I think the best behavior would be to only show the icon, and let sites that need it use the DOM to tell the user to click the icon. If sites want to trash their own DOM so try to get users to enable notifications, so be it, but at least this could be blocked by ad blockers. On the other hand, I don't see Mozilla doing this because they're far too concerned with discoverability by novice users.

I'm still shocked that anybody thought the first generation implementation of this (in any browser, not specific to Firefox) was ever a good idea. I can see making the request visible to the end user, but... as a dialog? Why?

At least make it a narrow bar across the top/bottom that doesn't obscure web site content and can be easily ignored. Perhaps better would be to make it a button like there is a button to favorite/bookmark a site. A dialog isn't even near the top of the list of good designs.

Agreed completely.

- Why are dialogs still a thing?

- Why is stealing focus still a thing?

Browser makers, operating system manufacturers: Stop it. Dialogs are hot garbage, and users ALONE should have control over input focus. If you need the user's attention flash/animate.

If you cannot make a thing without a dialog, focus lock, or focus theft then maybe the thing you were trying to make was inherently a bad idea.

Windows is terrible at this. I was running the Visual Studio Installer in the background and it stole key-input focus dozens of times, often going to black dialog boxes that immediately closed leaving focus on nothing.

I had no idea wth you were talking about until you mentioned Visual Studio Installer, then I knew immediately what you meant.

This is a huge problem for Windows and Mac.

Open notepad. Press a key over and over. If the key-press stops going to notepad then focus has been transferred/stolen. Firefox's Notification Permission dialog has this behavior within the browser.

For example go to Reddit or Facebook, start entering text, the notification permission dialog will appear, steal focus, and now your key-presses go into a black hole.

The whole concept of focus-theft is an anti-pattern. Interestingly one mobile operating systems originally designed out but has slowly been creeping back in.

Software on Linux is not always better. IntelliJ for example took focus two times on startup for a long time.
Steam also has this problem in Linux, though that's the only program I can think of. Opening Steam results in three different windows stealing focus in sequence for no other reason than to tell you that Steam is in the process of opening.
4 for me. Updating, logging in, the client, and the ads.

I removed it from my panel just so I'd stop waiting for these if I misclicked it.

Firefox and Chrome don't steal focus in this dialog. It's not modal either.
Firefox absolutely steals focus for this permissions dialog, as recently as AFTER you made that post (Firefox 66.0.1).
Can't reproduce. Tried stern.de, Firefox 66. Scrolling with keys still works. I tried clicking the search as fast as possible before the permissions dialog comes. Key input still works after dialog appears.
(comment deleted)
For years browser vendors have displayed little yellow infobars at the top of the screen related to page functionality. These were visible enough but didn't demand immediate action in the way a dialog taking focus and overlaying the browser chrome and page does. Browser vendors had better UX options to choose.

And push notifications definitely fall into the "this is something you might wish to do to enhance page functionality" category rather than "this is something the browser needs you to action" category associated with dialog boxes.

As long as the websites that request the permission have a legitimate reason to show notifications, a dialog is actually a good idea - it makes it easy for users to enable notifications, whereas a toolbar button would be easy to miss. If browsers had anticipated every random news site asking to show notifications, I imagine it would have been designed differently.
No, it's not.

Currently on legitimate and decently built sites I get a custom JS modal popup that asks me to accept the location request before they even request location access. They do this because otherwise their location request gets dismissed by users out of habbit and then people don't know how to reenable it.

It's shit UX.

Notifications and always on location access should be a bell icon in the url bar. Think YouTube notifications.

On top of that, there should be a "use location" html element that sets it's value to the current location when clicked. It would also be nice if that threw up a warning when proxy settings are detected.

I think this bell meme is less widespread than you think. I can't imagine the people I know concluding that the notification permission is hidden under a bell icon, let alone find it intuitive.
Au contraire, i think the bell meme is more widespread than you think. Taking India as an example, the lower levels of literacy has actually made video content the primary form of online content. And with youtube being one of the major portals of such content and with every youtuber in every corner of the globe nagging subscibers (in their native language) to click that bell icon i think it has already spread to a large demographic.
I wasn't claiming it was well known, in this case I don't think it matters. I assumed anyone that really cares would throw up an arrow and some blinking text pointing at it. Yes, this will be ugly, just like every site I visit asking if they can send me private messages whenever they want is ugly.

That said, the bell icon not being intuitive doesnt stop YouTube.

Likewise, channels switched to "like, comment, subscribe, and don't forget to hit the bell." Literally overnight.

I just see this concern as a non issue.

Also because some browsers once you deny you can't re-request. but you can show as many html 'overlay prompts' as you want
Didn't they? It sounds strange to assume that nobody ever wondered how this feature might be abused - it's not like that hasn't happened before in the history of browsers.
It is literally being used to abuse less tech literate ppl (elderly, children, non english speakers, non-tech savvy people, people from third world countries).

Such people just click yes yes yes to these popups without reading them (thinking theyre EU cookie, T&C, privacy prompts, etc). Its a prime vector for malwartisements these days.

it seemed more a protest to having to. as is it is bad and i could not believe the way they did it.
I find it particularly weird that Firefox has that great annoying popup for notifications, but reports suppressed pop-ups with an obvious but unobtrusive top bar. Why not use exactly the same construct for notifications?
If a website presents a pop up to me asking if I want notifications, I click yes then I click block when the browser dialogue appears. No more notification pop ups on that site.

I realize I can categorically block all notification permissions, but there are some sites where I want to allow them.

It still boggles my mind how over engineered that prompt is in Firefox [1]. And glad to see that the new prompt follows Safari’s simple “Allow / Disallow”.

[1] Of course I got into a shouting match on Twitter about it some time back: https://twitter.com/dmitriid/status/920293887746433024 and https://twitter.com/dmitriid/status/920373234104700931

I honestly think a patch is a more productive way to deal with this if you're a developer who wants to see the functionality.
What if I'm a developer who has no idea how Firefox UI works?
There is one more reason why the acceptance rate of notification prompts is low (3%), other than the two points mentioned by Mozilla.

THAT reason is that simply people do not want to be notified. They value their attention in these times of constantly being bombarded by attention seeking prompts, ads and notifications, that if asked, people surely chose not not being bombarded more.

I’d say Mozilla is right in their wording. Your point here is also included in that - if websites showed the push dialog responsibly, it would be for example in the website settings after the user checked a box called “send me push!”. Many good web services do it this way, and if done this way I suspect the accept rate is closer to 100%.

Some people might want push from news pages, but 97%+ don’t, so it makes no sense to request it immediately.

They probably even lose subscribers. Someone who read some content and liked it, decided that they want push may have already opted out because they didn’t know the site yet.

everyone is a bad actor, including the browser makers

zero confidence

Good work from Mozilla, but it won't help prevent those sites that pop up a HTML modal asking you to subscribe by email AND then a few seconds later pop up another HTML modal asking to send you notifications to keep you up to date AND then sliding in something from the bottom with "relevant" posts AND maybe also slide something else in from the top or sides with some other thing that just ends up blocking the content you're actually interested in reading....
I opened a medium post the other day from my phone that did all this stuff. It was amazing - there was a bar up the top asking me to install the medium app. Then another bar below that asking me to subscribe to the author or something. Then a call-to-action pop-over on the bottom of the screen asking me to join a mailing list or something.

Only about 1/4 of my phone screen was left displaying the content - which wasn't even enough space to see the post's title on my plus sized phone.

I closed the tab, because who has time for that?

I can never tell if websites don't know how many people get turned away by how awful their websites are, or if they know but figure its a good deal. (Maybe medium figures an X% drop in blog engagement is worth it if a few readers join their mailing list).

In the meantime I'd like it if all browsers added an option to automatically block all website notification requests. Firefox does this, and its great.

Fyi, you might like, Firefox + ublock + annoyances list on mobile fix most of this garbage.
What is "annoyances list" ?

EDIT: Oh, right, inside the ublock options.

A filter list targeted at removing annoyances. There's a few around, https://github.com/yourduskquibbles/webannoyances is a popular example.
Right, I found a couple inside the "3rd party" tab in ublock. This is great! Thanks.
"'3rd party' tab"?

What is your version of uBlock Origin? That tab was renamed "Filter lists" a long, long time ago.

> I can never tell if websites don't know how many people get turned away by how awful their websites are, or if they know but figure its a good deal.

Having been told to implement aggressive exit-intent overlays on sites: I'm pretty sure it's the latter. A substantial amount of people don't bounce if you throw an annoying "do you really not want to know this secret?" overlay at them with an option saying something like "OK YES I WANT TO KNOW". I hate sites that do it, but for most sites, it's not tech-adept power users that make up the audience.

My favourite thing about using 1Password to store my credit-card details is the number of times I've gone to pay, started moving my mouse to the 1Password button, and the exit-intent fires and gives me a discount I wasn't expecting.
Back in the 80s I used to read Texas Monthly magazine. It had a lot of good writing (still does). But I had to quit when they started putting the table of contents after 30 pages of ads. Worse, every issue contained 2 or 3 scratch-and-sniff perfume samples that made the magazine reek like a bordello.

We're kind of at that stage with the web now. There's no perfume (yet) but there are auto-play videos. (Thank you Mozilla for fixing these.)

Imho only Google can solve that. Give sites that do non-interaction overlays -100 and it will be a thing of the past.
NoScript fixes a lot of this crap. If you want to deal with less breakage you can use the uB:Origin element zapper to remove annoying overlays.
I've found that the "Kill Sticky" bookmarklet works wonders for obliterating most of these in a single click.
Don't forget the chatbot. "Wouldn't you like to ask me a question?" in a modal dialog that covers 25% of (what's left of) the content.

No. I don't want to ask you a question. You're a robot in the uncanny valley of English, and you're annoying me.

Thank goodness for the Kill Sticky bookmarklet. I could not surf without it nowadays.

I just close the whole tab and never visit again if that happens...
I don' think Mozilla can stop terrible websites from being terrible. You'll just have to visit better websites.
A couple of weeks ago I had a site that simultaneously showed me an extra-wide cookie bar, a notification request, and a greyed out screen with a half-screen "Disable Adblocker" request. That was two-thirds of my entire laptop screen devoted to popups I didn't want!
Making the "Never Allow" button directly accessible is a big win.
Just a couple weeks ago i was helping "disinfect" an android phone for a acquaintance (shopkeeper) here in India.

The "virus" in question was chrome notifications for spam/porn/malware probably from malvertisements embedeed in some websites. It took me several minutes to locate and disable them. You would think that chrome on android would give an option to disable an offending notification from the notification bar but no, you have to go digging in the chrome settings and scan through the permission list to find the offenders.

While i certainly think it is a useful api needed for the free web(i still prefer websites over apps which are essentially websites with undeleteable hypercookies), Mozilla and Google need to do a better job protecting the literally billions of people who are less literate (either in tech or english) from the cesspool that is online media.

Global setting: “I will never choose to receive notifications from a website.” Linked directly from that popop.

Sorted.

Chrome already does this right with language translation: “do you want to translate this website?” “No”/“Never translate this site”/“Never translate French”

Do that with notifications And well never need to see that prompt again.

This “feature” is abused terribly around the web. For every site with useful notifications like gmail, there are 10 which misuse it. Yesterday I had the misfortune of misclicking on the prompt from a website. I started getting notifications like “YOUR COMPUTER IS INFECTED WITH A VIRUS”. Turning off notifications for that website took at least 4 clicks through Chrome settings. Good to know there is a setting to turn it off completely on Firefox. If I personally actually wanted notifications from a service, I’d install the mobile app.

Second, Mozilla seems to use telemetry data responsibly and well. Turning off notification prompts by default can’t possibly be done unless you have the data on acceptance rate on different types of prompts. If you’re making such decisions based on your intuition you’d likely get it wrong.

I ask the folks on HN who constantly criticise the collection of such telemetry, what did I lose as a user when Firefox collected this anonymised data? More importantly, how would you have made a decision here without the data? Intuition? (I’d request that no one reply with platitudes like “with enough data nothing is anonymous” and “you’re making a nothing-to-hide argument”)

You're making an assumption that their decision was based on data they collected. Not worth discussing data privacy with you over that-- they may have very well done simple user testing or done it on a whim of a few users that put a good case forward.
From the article: > According to our telemetry data, the notifications prompt is by far the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta in the month from Dec 25 2018 to Jan 24 2019. Not even 3% of these prompts got accepted by users.

The decision seems very clearly based on the collected data.

No it's not, they quoted some telemetry but the feature and decision may have been decided way before then. The data may only be a justification for it.
Well, there is little proof that they decided something and then went looking for data unless you can find some statement by mozilla that supports your theory?
> May have been

That’s a huge assumption. I’m going with a smaller assumption that Mozilla wouldn’t publicly lie for no obvious gain.

He's also failing to acknowledge that using telemetry in a constructive way does not preclude using that telemetry in a malicious way as well.
Firefox’s source code is open. So is Visual Studio Code. Could you please tell us what is collected that could possibly be used maliciously?

You can get started here - https://github.com/Microsoft/vscode-extension-telemetry and https://github.com/Microsoft/vscode

I didn't say that I believe it's being used maliciously. I pointed out that "Second, Mozilla seems to use telemetry data responsibly and well." is an assumption that can't be justified by observing publicized uses of the telemetry. It presumes that published uses of telemetry encompass all uses of telemetry.

I have no reason to look at Mozilla's source because their stated policy already admits they collect information that could be considered sensitive, under certain circumstances:

> Category 3 “Web activity data”: Information about user web browsing that could be considered sensitive. Examples include users’ specific web browsing history; general information about their web browsing history (such as TLDs or categories of webpages visited over time); and potentially certain types of interaction data about specific webpages visited.

> Pre-Release: May be eligible for default on data collection, provided there is an opt-out.

> Release: Default off. On a case-by-case basis collections may be eligible to be "default on" if mitigations are identified. Mitigations may include UX changes that make users aware of additional risk, technical mechanisms that remove the risk, or a risk assessment done of a case-by-case basis that determines the risk is limited.

So here we have mozilla admitting that their default-on telemetry in pre-release copies of Firefox may include browsing history. This is information that COULD be used improperly. That's not to say Mozilla is, but confirmation that they aren't would require independent audits of the organization and their security practices. Simply reviewing their press releases is not enough to conclude that they haven't misused sensitive information.

(Frankly I don't give a damn about VSCode, at all.)

I think the important point is that software developers prefer to enable telemetry silently, without even notifying the user, let alone asking for a permission. If they think that telemetry is so useful, why not ask the user about it?
Firefox does notify the user, along with a button to disable it.
I don't disagree with you but this is a discussion about Firefox, what does Visual Studio Code have to do with anything?
It's a discussion about opt-in telemetry (that I started). I pointed out VS Code as another example of an app that gets a lot of hate on HN for using opt-out telemetry.
>I ask the folks on HN who constantly criticise the collection of such telemetry, what did I lose as a user when Firefox collected this anonymised data? More importantly, how would you have made a decision here without the data? Intuition? (I’d request that no one reply with platitudes like “with enough data nothing is anonymous” and “you’re making a nothing-to-hide argument”)

You don't need telemetry to find out that notifications get abused like that.

No but you need telemetry to find out how users react to abusive notifications and how they interact with websites where they do genuinely want notifications from. You can't just guess that.
>you need telemetry to find out how users react to abusive notifications

You need telemetry to find out how users react to abusive notifications? Wow. I know that A/B testing is in vogue, but can’t they just use some common sense?

People despise abusive notification prompts.

People despise abusive location prompts.

People despised abusive popups to the point that every browser blocks them and websites started emulating popups via CSS to keep abusing their users (hi Medium!).

Unfortunately we are living in the world where the common sense is wrecked. People do complain if abusive notifications are blocked and websites are rendered unusable as a result, though it is completely the fault of websites! Keep in mind that browser vendors are trying to solve multivariate equations that involve users, web developers, companies, abusers and crackers...

  You need telemetry to find out how users
  react to abusive notifications?
I run an ad blocker, so my perception of notifications is they're used for things like breaking news notifications on news websites [1]. That's not a feature I personally need, but 24 hour news channels exist so presumably someone feels they need regular news updates.

So no, it's not obvious to me everyone dislikes notification requests, even if I have them all blocked myself.

If you let curmudgeon developers like me dictate products' features sets based on intuition, there'd be no HTML e-mail, no third-party cookies, no WebGL, no emojis, no WebUSB.... :)

[1] https://www.wired.co.uk/article/push-notifications-breaking-...

When is a notification prompt abusive? What rule do you need to distinguish a non-abusive prompt (for example a chat program wanting the ability to notify you or a GPS-related map on a website) vs an abusive prompt (newswebsite wanting to spam you or a tracking tool using GPS).

Common sense doesn't work here because everyone has a different perception of when these prompts become abusive or unwanted. Mozilla uses the data collected to determine how they can establish a rule to distinguish between abusive prompts and non-abusive prompts.

How users react to them is a good indicator if the prompt was abusive or not, most people will decline abusive prompts and accept good ones.

A simple "wait until first DOM interaction" will likely be not sufficient since a simple click on a text would then create the prompt. With more data you can determine a better rule.

That people despise these prompts is fairly obvious and exactly why Mozilla is collecting the data; they want to help people by establishing a good common ground rule for these notifications to be automatically blocked.

I like the Firefox approach. Nightly collects a lot of data (because you're a power user that want to improve the browser). Regular release collect a lot less.
This is the reason why windows doesn't let you opt out- power users would opt out.

Case in point - jump lists were removed from start menu.

That said- why treat regular users unfairly by not optimizing for their use cases too?

I don't see how this issue has much to do with "fairness." There's no reason that any organization must treat its audiences identically.
I don't agree with that thinking. I can say the opposite. Why did someone enabled the notifications feature globally? Was it based on intuition? Then they are wrong, they are actually. They should collect data from all people before inserting any such "features".
What? You want them to “collect data from all people” on how they use a feature right now ... before adding the feature? How would that work, exactly?

> they are actually.

Ok.

I don't want that.

The previous comment said that if it's not based on telemetry, then the intuition based decision is wrong. I am suggesting that if that's the case then we have to use telemetry before implementing everything. We should never have any feature without telemetry confirming it first.

Can't you also block it completely in Chrome and whitelist some websites? Settings -> Privacy.. -> Content Settings.. -> Notifications (Blocked)

I haven't seen any prompts since I changed that. Although I don't use this feature at all.

I think the bad thing is not telemetry itself but the fact that it is silently enabled by default instead of asking the user whether they agree to it. Make it voluntary and there would be no problems at all. I didn't ask for this feature.

Also, one doesn't need telemetry to notice how notifications are abused on the web. You can just start a browser, visit top 1000 popular sites and count how many of them show the popup.

Also, it seems like everyone tries to abuse notifications. For example, Youtube app shows a notification when the channel you are subscribed to releases a new video. Is it so urgent, that you need to distract the user? They could show this information when the user opens the app.

Have you used Firefox? A notification about telemetry is shown on-screen the first time you launch it, including a link (or maybe button, I forget) taking you to the settings page where it can be disabled.

If you're talking about telemetry collection in general, and not specifically Firefox, then nevermind.

I don't find telemetry bad in any way, provided that it is non-identifying telemetry, so I don't mind that it's on by default. There should always be an option to turn it off for those that want to.

Many, many more applications collect telemetry than people suspect, and for every application you know of that collects it, there are a dozen that collect it without telling you.

You are right about notifications being over used. We've all gotten notification fatigue, now, because every website thinks it's own notifications are super important. I want notifications when major news events happen, when my wife texts me, and for nothing else. I do not, and will not ever, care to be notified the instant a website has new content.

> Make it voluntary and there would be no problems at all.

Unfortunately that would make the telemetry non-representative. That said, it is opt-in when possible, if you consider "using Nightly" as opt-in (it's clearly explained before and after installing Nightly).

> You can just start a browser, visit top 1000 popular sites and count how many of them show the popup.

That doesn't tell you anything about what behaviour led up to a permission request that got granted vs the 97% that got ignored. Furthermore, it wouldn't have told them that the notification request is denied far more often by users than the webcam/mic request.

> Also, it seems like everyone tries to abuse notifications. For example, Youtube app shows a notification when the channel you are subscribed to releases a new video. Is it so urgent, that you need to distract the user? They could show this information when the user opens the app.

It would be nice to have data on when users revoke permissions again as well, indeed.

>Turning off notifications for that website took at least 4 clicks through Chrome settings.

It's actually just three clicks, and you can do so from the page itself. No need to go into settings.

Click the Lock icon left of the omnibar. On pages that request notification permissions (eg. reddit), you'll see a toggle for it. Along with any other permissions requested.

But you have to make only one click to agree to the notifications.
Yes, or one click to disagree. What's wrong with that approach?
>This “feature” is abused terribly around the web. For every site with useful notifications like gmail, there are 10 which misuse it.

I think you're off by an order of magnitude there. It's at least 100 sites that misuse it for every legitimate one.

Yes I think that 1/100 is a more accurate ratio. I have only accepted 4 notification prompts and I know that i have encountered more than 400 that I denied.
If you like it, feel free to enable telemetry. But why force me to enable it as well?
Exactly for actions like this which they've done in the post. Would you prefer a more obvious switch on setup?
Notifications are the new popups, just add an option to disable them completely.
(comment deleted)
Whoever thought implementing to show every notification permission prompt to the browser is, excuse my language, an idiot.