Firefox/Click To Play: Difference between revisions
< Firefox
Jump to navigation
Jump to search
(more arranging) |
|||
| (10 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
= Contact Points = | = Contact Points = | ||
* Michael Coates | |||
* Alex Keybl (release | * Michael Coates & Dan Veditz (security assurance) | ||
* David Keeler ( | * Alex Keybl (release engineering, monitoring enterprise feedback) | ||
* Justin Dolske | * David Keeler (security engineering) | ||
* | * Justin Dolske & Jared Wein (Firefox frontend engineering) | ||
* Matthew Grimes ( | * Benjamin Smedberg & Georg Fritzsche (stability/plugins Engineering) | ||
* Mary Trombley ( | * Matthew Grimes (user advocacy team) | ||
* | * Mary Trombley (user research) | ||
* Stephen Horlander (visual design) | |||
* Larissa Co (user experience designer) | |||
= Communication = | = Communication = | ||
| Line 14: | Line 16: | ||
= Items Under Development = | = Items Under Development = | ||
* UI | |||
* Most of the bugs related to click-to-play can be found in [https://bugzilla.mozilla.org/showdependencytree.cgi?id=click-to-play&hide_resolved=1 this dependency tree]. | |||
User research study: testing the user reaction and experience when Flash is made click-to-play: | |||
* Tracked bugs: [https://bugzilla.mozilla.org/buglist.cgi?status_whiteboard_type=allwordssubstr;status_whiteboard=CtPUR%3A%2B;resolution=---;resolution=DUPLICATE;query_format=advanced CtPUR:+ in the whiteboard]. This list triaged and maintained by bsmedberg. | |||
Turning on click-to-play by default: | |||
* Tracked bugs: [https://bugzilla.mozilla.org/buglist.cgi?status_whiteboard_type=allwordssubstr;status_whiteboard=CtpDefault%3AP;resolution=---;resolution=DUPLICATE;query_format=advanced CtPDefault:P in the whiteboard]. This list triaged and maintained by bsmedberg. | |||
Security Improvements for blocked plugins: | |||
* Primarily this means making the UI non-clickjackable for known-insecure plugins, and is tracked in {{bug|832481}}. | |||
Usability Improvements (for security-blocked and CtP-by-default plugins): | |||
* will be refined based on data from the user research study. It is very likely that we will need to implement bug 834749 or something like it to make "always for this site a more prominent option (perhaps the most prominent option). | |||
* The doorhanger itself may also need to be refined | |||
* The behavior of the doorhanger/notifications when small/hidden plugins are present may need work. This especially impacts sites that use plugins to play audio or do special processing (file upload controls that use Flash can also be affected) | |||
= Feedback to Prioritize = | = Feedback to Prioritize = | ||
| Line 21: | Line 42: | ||
= Links = | = Links = | ||
* [https://support.mozilla.org/en-US/kb/why-do-i-have-click-activate-plugins#w_how-to-always-activate-a-plugin-for-a-trusted-website Support Article on CTP] | * [https://support.mozilla.org/en-US/kb/why-do-i-have-click-activate-plugins#w_how-to-always-activate-a-plugin-for-a-trusted-website Support Article on CTP] | ||
* [https://wiki.mozilla.org/Blocklisting/PluginBlocks Current plugin blocks] | |||
* [https://crash-analysis.mozilla.com/bsmedberg/flash-distribution.html Flash distribution] | |||
= Flash Population Data = | |||
Daily statistics about the Flash versions used within Firefox are [https://crash-analysis.mozilla.com/bsmedberg/flash-distribution.html gathered via telemetry]. | |||
* [1/29] Blocking 0-10.2.*: ~2.8% of users will be CTP | |||
* Blocking non-current 10.3.*: ~2.47% | |||
* Blocking 11.0.*-11.2.*: ~6.9% | |||
* Blocking 11.3.*-11.4.*: ~4.5% | |||
* Blocking non-current 11.5.*: ~7.4% | |||
= Flash Uptake Data = | |||
* ~1/7 (.146 released) - 11.5.502.135 is 77.8% of our population | |||
* ~1/14 - 11.5.502.146 is 68.9% of our population | |||
* 1/28 - 11.5.502.146 is 75.9% of our population | |||
So in 1 week, ~89% of users who are automatically updating get on the latest version. After 2 weeks, 97.5% of users are automatically updated. | |||
Current proposal for blocking non-current versions of Flash: | |||
* 2 weeks must pass since the latest release | |||
* previous_minor_version_population/(previous_minor_version_population+current_minor_verison_population) must be less than 5% | |||
= Planned UX Changes = | |||
Several UX changes are planned to refine the CTP experience. A few notes: | |||
* We won't be using the terminology that there is a security risk with a plugin unless it is actually the situation | |||
* We're exploring the best way to highlight/make visible the "always enable plugins" for this site option | |||
Latest revision as of 16:35, 2 February 2013
Contact Points
- Michael Coates & Dan Veditz (security assurance)
- Alex Keybl (release engineering, monitoring enterprise feedback)
- David Keeler (security engineering)
- Justin Dolske & Jared Wein (Firefox frontend engineering)
- Benjamin Smedberg & Georg Fritzsche (stability/plugins Engineering)
- Matthew Grimes (user advocacy team)
- Mary Trombley (user research)
- Stephen Horlander (visual design)
- Larissa Co (user experience designer)
Communication
- Jan 29 - Mozilla Security Blog - Putting Users in Control of Plugins
- Jan 29 - CTP For Flash 10.2 and lower
Items Under Development
- Most of the bugs related to click-to-play can be found in this dependency tree.
User research study: testing the user reaction and experience when Flash is made click-to-play:
- Tracked bugs: CtPUR:+ in the whiteboard. This list triaged and maintained by bsmedberg.
Turning on click-to-play by default:
- Tracked bugs: CtPDefault:P in the whiteboard. This list triaged and maintained by bsmedberg.
Security Improvements for blocked plugins:
- Primarily this means making the UI non-clickjackable for known-insecure plugins, and is tracked in bug 832481.
Usability Improvements (for security-blocked and CtP-by-default plugins):
- will be refined based on data from the user research study. It is very likely that we will need to implement bug 834749 or something like it to make "always for this site a more prominent option (perhaps the most prominent option).
- The doorhanger itself may also need to be refined
- The behavior of the doorhanger/notifications when small/hidden plugins are present may need work. This especially impacts sites that use plugins to play audio or do special processing (file upload controls that use Flash can also be affected)
Feedback to Prioritize
https://etherpad.mozilla.org/CTP-feedback
Links
Flash Population Data
Daily statistics about the Flash versions used within Firefox are gathered via telemetry.
- [1/29] Blocking 0-10.2.*: ~2.8% of users will be CTP
- Blocking non-current 10.3.*: ~2.47%
- Blocking 11.0.*-11.2.*: ~6.9%
- Blocking 11.3.*-11.4.*: ~4.5%
- Blocking non-current 11.5.*: ~7.4%
Flash Uptake Data
- ~1/7 (.146 released) - 11.5.502.135 is 77.8% of our population
- ~1/14 - 11.5.502.146 is 68.9% of our population
- 1/28 - 11.5.502.146 is 75.9% of our population
So in 1 week, ~89% of users who are automatically updating get on the latest version. After 2 weeks, 97.5% of users are automatically updated.
Current proposal for blocking non-current versions of Flash:
- 2 weeks must pass since the latest release
- previous_minor_version_population/(previous_minor_version_population+current_minor_verison_population) must be less than 5%
Planned UX Changes
Several UX changes are planned to refine the CTP experience. A few notes:
- We won't be using the terminology that there is a security risk with a plugin unless it is actually the situation
- We're exploring the best way to highlight/make visible the "always enable plugins" for this site option