-
Notifications
You must be signed in to change notification settings - Fork 1.3k
WebExtensions in Private Browsing #6123
Comments
Progress report:
|
@brampitoyo As the default for this is "false" (add-ons do not run in private browsing until users turn it off) do we need some form of hint / notification? This is re: #10120 (comment). Defaulting to false seems correct as this is what Desktop does, just wondering if we need to make this more obvious to users? |
@csadilek If these are true:
Then does it make sense to set our default policy to TRUE: allow add-on to run in private browsing? I immediately see huge problems around consent. Add-ons may “phone home” and leak private data (e.g. URLs opened in private browsing). But does our Recommended Extension programme not protect against this? I think that many users’ expectation is for add-ons to work everywhere by default, but also for those add-ons to not leak data while browsing privately. Either way, I do agree that WebExtensions that run in private browsing should be clearly labelled. I propose doing something similar to desktop: have a small (16×16dp) private browsing icon to the side of the add-on name. Thoughts? Icon asset: https://dzwonsemrish7.cloudfront.net/items/2D2h3z2m2P3G0Q2a3I0y/private-browsing.svg |
@brampitoyo Thanks!
Agreed. I think defaulting to "false" is the right thing to do here, so users can opt-in, as desired. Having a list of recommended and tested extensions protects us from this somewhat, but it still could become a problem later. So, I'd vote for being conservative and use the same default as Desktop. I will file a separate issue to introduce the label you provided above. |
User Story
As a user, I want to choose whether I want to allow a WebExtensions in private browsing, so I have control over the data and permissions shard in private browsing.
Dependencies
A-C project board
Acceptance Criteria
┆Issue is synchronized with this Jira Task
The text was updated successfully, but these errors were encountered: