Confirmed users
717
edits
Opt-in activation for plugins: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 44: | Line 44: | ||
Chrome has implemented something similar: http://blog.chromium.org/2011/03/mini-newsletter-from-your-google-chrome.html | Chrome has implemented something similar: http://blog.chromium.org/2011/03/mini-newsletter-from-your-google-chrome.html | ||
|Feature users and use cases=* Some software installs a plugin the user is not aware of. The first time the plugin is activated by a given page, the user is: | |Feature users and use cases=Use cases with proposed interactions below emphasized: | ||
** given a warning or | |||
* Some software installs a plugin the user is not aware of. The first time the plugin is activated by a given page, the user is: | |||
** '''given a warning and user must opt-in before enabling or''' | |||
** plugin is click-to-play until the user actives it | ** plugin is click-to-play until the user actives it | ||
* User has an up-to-date version of Flash or some other common plugin | * User has an up-to-date version of Flash or some other common plugin | ||
** plugin is click-to-play to reduce resource consumption and risk of zero-day security exploits or | ** plugin is click-to-play to reduce resource consumption and risk of zero-day security exploits or | ||
** plugin plays automatically because its popular and considered to be currently safe | ** '''plugin plays automatically because its popular and considered to be currently safe''' | ||
* User has an up-to-date version of an "uncommon" plugin or one they have not encountered in the last X days | * User has an up-to-date version of an "uncommon" plugin or one they have not encountered in the last X days | ||
** plugin is click-to-play to reduce resource consumption and risk of zero-day security exploits or | ** '''plugin is click-to-play to reduce resource consumption and risk of zero-day security exploits''' or | ||
** plugin plays automatically because its considered safe | ** plugin plays automatically because its considered safe | ||
* User has a vulnerable plugin with a known security issue, but no update available | * User has a vulnerable plugin with a known security issue, but no update available | ||
** User cannot run plugin or | ** User cannot run plugin or | ||
** User can run plugin after scary warning | ** '''User can run plugin after scary warning''' | ||
* User has a vulnerable plugin with a known security issue, and an update is available | * User has a vulnerable plugin with a known security issue, and an update is available | ||
** User is prompted to update | ** User is prompted to update | ||
** User cannot run plugin | ** User cannot run plugin | ||
** User can run plugin after scary warning to update first | ** '''User can run plugin after scary warning to update first''' | ||
* User is tired of always clicking to play a given plugin (i.e. YouTube, or their favorite Java game site) | * User is tired of always clicking to play a given plugin (i.e. YouTube, or their favorite Java game site) | ||
** A user has clicked on this four times in X days, so automatically enable this plugin on this site until user revokes this decision (about:permissions?) | ** A user has clicked on this four times in X days, so automatically enable this plugin on this site until user revokes this decision (about:permissions?) or remember decision for Y days after last click | ||
** Jruderman has suggested a context menu instead of a click - this is a mitigation against click jacking. Could provide "Now/Always/Never" choices. | ** Jruderman has suggested a context menu instead of a click - this is a mitigation against click jacking. Could provide "Now/Always/Never" choices. | ||
|Feature dependencies=* UX design/review | |Feature dependencies=* UX design/review | ||