Security/Add-Ons Discussion

From MozillaWiki
< Security
Revision as of 17:14, 26 April 2011 by Curtisk (talk | contribs) (Created page with "2011.04.18<br> Addon Dialog Discussion<br> Goal of meeting: UX and Sec talk about what the mutual goals are in this space so a path to mutual agreement can be found Bugs: * {{b...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

2011.04.18
Addon Dialog Discussion
Goal of meeting: UX and Sec talk about what the mutual goals are in this space so a path to mutual agreement can be found

Bugs:

  • bug 416605 - Reduce security dialog delay from 2 seconds
  • bug 561177- Remove countdown from add-on install dialog
  • bug 588266- Firefox add-on installation dialog should use doorhanger notification
  • bug 616100- Remove redundant install delay (undo fix for Bug 162020) [for non-AMO sites]
  • bug 646602- Installing add-ons from AMO should not invoke the security prompt
  • bug 643020- Implement the new install UI in the content area

Notes:

  • possible changes to add-on dialogs and their impact
  • goal improve add-on installation for users
    • lengthy steps seem in consistent to users, ex: countdown, and UI differences
    • perception on AMO that even AMO is not trusted even when add-on comes from Moz
    • implication is this should not be trusted even if linked to by trusted spaces.
  • streamline process, make easier, less clicks, possibly reduce or remove countdown

Q: What are the risks entailed in installation and is AMO less risk than other sites?

  • Should be clear that AMO is a website that is part of the app, but what if AMO is hacked? Does this neccessarily help?
  • If you go to AMO as a website then this is a prefered experience, like the bits in FX
    • Desire: AMO having a different status
    • Dialoge is needed as click-jacking is still prevalent/possible on AMO
    • A site cannot frame the add-on tab, where as getting a click attack on AMO is somewhat trivial
  • Need clear dialog for AMO sandbox

mockup: https://people.mozilla.com/%7Ejboriss/dump/flow_chart_for_addon_download2.pdf

suggestions:

  • We could lower the delay from 2 noisy seconds to 1 quiet second
  • We could show the user-intent-verification first, before the download finishes. Then there aren't 2 separate "waiting" steps as long as the download is fast
     
    • this would require AMO to supply the stuff that's supposed to appear in the dialog, as part of the installtrigger call, but it would make the UI much better.
  • We could make it so any link to addons.mozilla.org opens in a new tab, and use browser-side defenses against clickjacking on that tab
  • We could deny InstallTrigger if clicked within 1 second of selecting the tab/window, to make clickjacking AMO harder
  • Rather than author information, which is never verified, could show AMO status
    • (not on AMO; sandboxed; full review; old version)
    • popularity
    • average review score

Unresolved Questions:

  • AMO warnings (slows down firefox? has privacy policy?)
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Add-Ons_Discussion&oldid=302772"