Mozilla developers have announced an experiment in which it is planned to test the technique of dealing with intrusive requests to provide additional permissions to websites.
And it is not that they acquire privileges or something like that, but that For some time now, more and more websites have been abusing the ability to request the permissions provided in browsers, mainly through the periodic withdrawal of push notification requests.
To protect users against this type of spam, the folks at Firefox plan to limit the situations in which the site can display such notifications.
There is an option in Firefox settings for a long time that allows you to completely disable the output of push notification requests, but this feature is inconvenient in situations where the user does not intend to completely refuse to send notifications, but wants to get rid from annoying spam.
According to the statistics from the telemetry collection, Firefox Beta users from Dec 25 to Jan 24 submitted about 18 million requests of the websites they visited in order to receive notifications.
Only 3% of the applications were approved and most were rejected and in 19% of cases, users immediately closed the tab with the page after the appearance of said request, without pressing the consent or rejection button.
For comparison, when requesting access to the camera and microphone, the acceptance rate for notifications is 85%. These statistics suggest that push notification requests appear out of context and annoy visitors.
Notification blocker
Starting yesterday and running through April 29, an experiment is running on Firefox nightly builds: authorization requests will be blocked unless the user interacts with the page (mouse click or keystroke).
During the first two weeks of this experiment, requests will be blocked silently and the time remaining when you try to display the request, the address bar will show a request receipt indicator. By clicking on it, you will be able to see the application itself.
Then a second experiment is planned, during which a small percentage of users of the Firefox 67 release will be asked to share information on how to work with the application authorization forms.
During the experiment, the Firefox developers intend to obtain information on how long the user has been on the site before displaying the request for credentials and to accumulate statistics to detect abuses that can be blocked.
The idea on the part of Firefox developers to try to minimize the spam that many websites abuse is not bad.
Even ending the annoyances of notifications can be a plus that can attract new users, but you should also take into account that the fact that a user can receive notifications is often useful.
Say for example Facebook or the user's sites of interest. The idea of Firefox could be polished one more by for example gathering spam sites in a list in the style of ad blockers.
UserScript API
In addition, on nightly builds on the basis of which the Firefox 68 release will be formed, the default user APIs are activated.
This will allow you to create plugins based on Greasemonkey-style WebExtensions technology, which will allow you to run custom scripts in the context of web pages.
For example, by connecting scripts, you can change the layout and behavior of the pages that users are viewing.
This API is already included in Firefox, but until now, to enable it, the "extensions.webextensions.userScripts.enabled" setting was required in about: config.
Unlike existing plugins with similar functionality, which use the tabs.execute call, new API allows you to isolate scripts in sandbox environments, fixes performance issues and lets you handle different stages of page loading.