Privacy/Features/Site-based data management UI

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.


Site-based data management UI
Stage Shipped
Status Complete
Release target Firefox 6
Health OK
Status note Landed on mozilla-central.


Product manager Asa Dotzler
Directly Responsible Individual Sid Stamm
Lead engineer Margaret Leibovic
Security lead Curtis Koenig
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead George Carstoiu
UX lead Jennifer Boriss
Product marketing lead `
Operations lead `
Additional members `

Open issues/risks


Stage 1: Definition

1. Feature overview

It's helpful to be able to control what sites know and do on a site-by-site basis. Ideally, the site permissions dialog, cookie controls, and various other site-based preferences should be accessible via a single UI.

This feature will provide a UI in a content tab (much like the addons manager) that allows users to customize permissions and settings for sites on a site-by-site basis.

This feature falls primarily in the Experience category (from the "Discover, Experience, and Connect" vision statement.)

2. Users & use cases

  • Empower users to define data-sharing relationships with sites instead of with the various APIs in Firefox
  • Provide a secure, non-spoofable way to set these preferences.
  • Make it clear to users how they interact with each site (and all sites)
  • Assure users that the interface is part of Firefox and cannot be manipulated by a web site.

3. Dependencies


4. Requirements

  • We need to document existing data sources and mappings to the user interface
  • UI must be designed carefully, perhaps with a user study
  • Security and authenticity of the configuration UI must be verified and accessible to users.


  • This is not an enhancement of the site identity door-hanger (Larry)
  • This is not a new set of preferences or permissions, just a new interface to existing ones.
  • This is not a visualization of how people interact with sites
  • This is not in-flight configuration prompts or UX.

Stage 2: Design

5. Functional specification


6. User experience design

The site-based prefs will be implemented in content at an about page (about:permissions). It will be in-content (much like [about:addons]), and is intended to replace the various site-based or "all-sites" prefs and permissions that exist for:

  • cookies
  • passwords
  • geolocation permission
  • storage (IndexDB, localStorage)
  • add-on installation permission
  • pop-up blocking
  • image loading permission
  • HTTP Strict-Transport-Security setting
  • (history and bookmarks)? Maybe?

The UI will present a list of sites, searchable, ranked by frecency, complete with domain or subdomain name, site title, and favicon. When a user selects a site, the preferences for that site will be displayed, and the user will have the opportunity to change the preferences for that specific domain or subdomain.

The UI will include the ability to sites not yet accessed; this will provide pre-access preferences for those users who wish to block images from specific sites or assert control before it is needed.

Stage 3: Planning

7. Implementation plan


8. Reviews

Security review

Privacy review


Localization review




Quality Assurance review

  • Remaining opened bugs
  • Main implementation bugs landed and were verified
  • Smaller patches to land in the following milestones

Operations review


Stage 4: Development

9. Implementation

  • [DONE] implement basic patch
  • [DONE] create basic test plan
  • [DONE] land patch for wider testing
  • [NEW] user study?
  • [ON TRACK] design UX
  • [ON TRACK] document data sources and mappings to UX
  • [NEW] security / privacy design discussion
  • bug 573176 Implement basic about:permissions interface
  • bug 657961 Use async API to get favicons for site permissions page
  • bug 587208 Need to create icons for the UI
  • bug 658097 Make permissions language easier to understand
  • bug 588689 Add access to site preferences from the site identity block

Stage 5: Release

10. Landing criteria


Feature details

Priority P1
Rank 999
Theme / Goal Enhance User Controlled Disclosure
Roadmap Privacy
Secondary roadmap `
Feature list Desktop
Project `
Engineering team Desktop front-end

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-complete Notes
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance Ready to land in Fx6 main bugs are verified
User experience ` `
Product marketing ` `
Operations ` `

Other Documentation

Meeting Notes: