Privacy/Features/Site-based data management UI
|Site-based data management UI|
|Release target||Firefox 6|
|Status note||Landed on mozilla-central.|
|Product manager||Asa Dotzler|
|Directly Responsible Individual||Sid Stamm|
|Lead engineer||Margaret Leibovic|
|Security lead||Curtis Koenig|
|Privacy lead||Sid Stamm|
|QA lead||George Carstoiu|
|UX lead||Jennifer Boriss|
|Product marketing lead||`|
Stage 1: Definition
1. Feature overview
It's helpful to be able to control what sites know and do on a site-by-site basis. Ideally, the site permissions dialog, cookie controls, and various other site-based preferences should be accessible via a single UI.
This feature will provide a UI in a content tab (much like the addons manager) that allows users to customize permissions and settings for sites on a site-by-site basis.
This feature falls primarily in the Experience category (from the "Discover, Experience, and Connect" vision statement.)
2. Users & use cases
- Empower users to define data-sharing relationships with sites instead of with the various APIs in Firefox
- Provide a secure, non-spoofable way to set these preferences.
- Make it clear to users how they interact with each site (and all sites)
- Assure users that the interface is part of Firefox and cannot be manipulated by a web site.
- We need to document existing data sources and mappings to the user interface
- UI must be designed carefully, perhaps with a user study
- Security and authenticity of the configuration UI must be verified and accessible to users.
- This is not an enhancement of the site identity door-hanger (Larry)
- This is not a new set of preferences or permissions, just a new interface to existing ones.
- This is not a visualization of how people interact with sites
- This is not in-flight configuration prompts or UX.
Stage 2: Design
5. Functional specification
6. User experience design
The site-based prefs will be implemented in content at an about page (
about:permissions). It will be in-content (much like [about:addons]), and is intended to replace the various site-based or "all-sites" prefs and permissions that exist for:
- geolocation permission
- storage (IndexDB, localStorage)
- add-on installation permission
- pop-up blocking
- image loading permission
- HTTP Strict-Transport-Security setting
- (history and bookmarks)? Maybe?
The UI will present a list of sites, searchable, ranked by frecency, complete with domain or subdomain name, site title, and favicon. When a user selects a site, the preferences for that site will be displayed, and the user will have the opportunity to change the preferences for that specific domain or subdomain.
The UI will include the ability to sites not yet accessed; this will provide pre-access preferences for those users who wish to block images from specific sites or assert control before it is needed.
Stage 3: Planning
7. Implementation plan
Quality Assurance review
- Remaining opened bugs
- Main implementation bugs landed and were verified
- Smaller patches to land in the following milestones
Stage 4: Development
- [DONE] implement basic patch
- [DONE] create basic test plan
- [DONE] land patch for wider testing
- [NEW] user study?
- [ON TRACK] design UX
- [ON TRACK] document data sources and mappings to UX
- [NEW] security / privacy design discussion
- bug 573176 Implement basic about:permissions interface
- bug 657961 Use async API to get favicons for site permissions page
- bug 587208 Need to create icons for the UI
- bug 658097 Make permissions language easier to understand
- bug 588689 Add access to site preferences from the site identity block
Stage 5: Release
10. Landing criteria
|Theme / Goal||Enhance User Controlled Disclosure|
|Engineering team||Desktop front-end|
Team status notes
|Quality assurance||Ready to land in Fx6||main bugs are verified|