Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Firefox Mozilla The Internet IT Technology

Mozilla Will Run Two Experiments This Month With Firefox To Explore Ways To Fight Push Notification Permission Spam (zdnet.com) 98

Mozilla said this week that it intends to run two experiments over the course of this month to determine the most adequate way of dealing with push notification spam, a growing problem that is slowly deteriorating the web experience for everyone. From a report: The experiments will run in Firefox Nightly (v68) and Firefox Beta (v67). The Firefox Nightly experiment will run from April 1 to April 29. During this time, Mozilla said Firefox Nightly would only allow websites to show a push notification permission only after the user has clicked or pressed a key while on a website. All attempts to show a push notification permission request before a click or key press will be blocked by default. [...] In the last two weeks of the experiment, Firefox will show an icon in the URL bar, but with no visible popup on the page. Users can click this icon and accept any push notification permission requests if they wish so. Further reading: Mozilla and Scroll Partner To Test Alternative Funding Models for the Web.
This discussion has been archived. No new comments can be posted.

Mozilla Will Run Two Experiments This Month With Firefox To Explore Ways To Fight Push Notification Permission Spam

Comments Filter:
  • What are they used for? That isn't spamming with info you already know
    Also, they stop if you close the tab anyways.
    • by Luthair ( 847766 ) on Tuesday April 02, 2019 @03:21PM (#58373966)
      Because its not a good experience if every single website you go to shows an asked for popup about showing you notifications, asking your location, etc. etc..
      • by Anonymous Coward

        This.
        The shit gets old fast.

      • Ironically, the biggest annoyance I've had lately is due to the EU GDPR ostensibly created to protect your privacy. About 80% of the websites I go to now have a GDPR pop-up I have to click through before I can read the content. If I browse in private/incognito mode, cookies are not retained so I get this pop-up every time I visit the site, which is rather annoying. If I browse in normal mode and agree that I have been informed of the site's privacy policy as per GDPR requirements, it writes a cookie to my
        • So website designers have decided that the privacy notification requirement means they need to set a cookie.
          Go figure.

        • by AmiMoJo ( 196126 )

          Those GDPR pop-ups are probably illegal and will hopefully go away soon.

          GDPR requires opt-in consent freely given. Making content only available if you agree is not allowed, you can't tie unnecessary data collection to provision of services. So forcing the user to click "I agree" before they can read your site is illegal.

          BTW you can block most GDPR notices with Fanboy's Annoyances List for all popular ad blockers: https://easylist.to/easylist/f... [easylist.to]

        • Those cookie consent popups existed before GDPR and they decrease privacy rather than increase it. They annoy people who delete cookies frequently, in order to convince them not to delete cookies. It seems to me that this is by design. The big tech companies must be happy with this arrangement, which they probably helped create, precisely because of this side effect.
      • by pla ( 258480 )
        I think you missed the meaning of the GP.

        You can turn them off. Completely. It's really that simple.

        There are exactly zero websites I want to be able to "push" content to me. I thought we had gotten over that entire model when broadcast TV died? Why are we now revisiting a battle we won, in a medium that's essentially "pull" from the ground up?
  • Solution (Score:5, Insightful)

    by Rockoon ( 1252108 ) on Tuesday April 02, 2019 @03:16PM (#58373924)
    Stop allowing websites to pop up anything, every. Seriously. For fuck sakes.

    Why is this hard to understand?
    • by Anonymous Coward

      Firefox allows you to block all notification requests (and thus all notifications). It's buried, but:
      Hamburger->Options->Privacy And Security->Permissions->Settings (for each of Location, Camera, Microphone, Notifications)->Block new 'x' requests.

    • Re:Solution (Score:5, Insightful)

      by nmb3000 ( 741169 ) on Tuesday April 02, 2019 @04:02PM (#58374244) Journal

      Stop allowing websites to pop up anything, every. Seriously. For fuck sakes.

      Why is this hard to understand?

      I have to assume it's because everyone working on the HTML5 stuff is too young to have learned anything from the first time around. In a lot of ways HTML5 is just version 2 of alert(), confirm(), and the embed tag. Throw in a little blink and marquee for good measure (and don't forget object and applet with WebAssembly).

      It turns out that most of these were just abused a lot more than they were used for anything worthwhile. Is anyone surprised that HTML5's allow-by-default or ask-by-default notifications, video, location, camera, microphone, canvas, etc are being abused in the same ways, by the same actors? Only the 20-somethings writing the specs, I guess.

      • I have to assume it's because everyone working on the HTML5 stuff is too young to have learned anything from the first time around

        Wow that's incredibly naive. The people who wrote HTML 5 spec are keenly aware of the first time around. Pretty much anything Web is made for commercialization. If people solely wanted information distribution, we would have implemented a copyleft version of something like Gopher. While Tim Berners-Lee may have originally made the web in the pursuit of wide distribution of information, those who have been entrusted to steer the W3 since mid 1990s have had a single goal in mind. How do we write a commer

    • And bring an end to the concept of a dynamic internet. Goodbye Slashdot.

      Now back in reality there's a legitimate reason to allow popups and notifications. But preventing spam is a problem.

      • There is no legitimate reason to allow for these notifications. Dynamic content works just fine with background requests.

      • It's a novel concept:

        You already use persistent session cookies, for a raft of purposes.
        Combine a session cookie with a browser generated key pair, that gets created when a user clicks on a button on the loaded page.

        Require an actual mouse hover, and actual click. (No automatic bullshit.)

        Name the button something like "I would like notifications". Once pushed, the browser generates a signature which gets attached to the session cookie. The webpage can then check for the cookie, the browser can check the s

        • by hawk ( 1151 )

          >You already use persistent session cookies, for a raft of purposes.

          In all seriousness . . . the reason my slashdot id is so *high* is that when the login system was put in, it required cookies.

          At the time, it was common to replace the .cookies file with a folder to defeat them.

          It was quite a while before there was a post I wanted bad enough to have to deal with this--as well as to accept a cookie.

          Back then, we recognized that writing something that didn't work without cookies *did* make you a bad person

    • by AmiMoJo ( 196126 )

      Just add a little icon to the URL bar when the site offers notifications. The user can then choose to click on it or not. Unobtrusive and minimal.

      Chrome already does that for blocked pop-ups, in case you need to open them for a broken site.

  • by Anonymous Coward

    How about just admitting that "push notifications" are a bad idea?

    • by tepples ( 727027 )

      How else is a webmail user supposed to know, between when the user opens a web browser and when the user opens the user's email provider's website, whether or not the user has new mail?

  • -of blocking all of the sites that do this.
  • No problems here (Score:4, Insightful)

    by renegade600 ( 204461 ) on Tuesday April 02, 2019 @03:28PM (#58374018)

    I don't have too much of a problem with push notifications, it is those videos I want stopped. some you have to wait for it to download before you can do anything with it, some you have to look for on a page because you hear it and not see it, some blocks what you are trying to read because it won't close.

    Then there are those sites that constantly bomb you with their subscription popups. how about stopping those too. maybe if they stop the notification ones, it will stop those.

  • by BitZtream ( 692029 ) on Tuesday April 02, 2019 @03:29PM (#58374032)

    Problem solved. See how simple that was? Do you need notifications in your browser: No, not unless you're trying to use a browser as an application engine, which is your first mistake; Everything after that is just more calamity.

    • I can think of a few reasons - calendar reminders and email notifications

      • Re: (Score:2, Flamebait)

        by dargaud ( 518470 )

        I can think of a few reasons - calendar reminders and email notifications

        Then use a callendar program and an email program. Stop trying to cook chicken and shoot rhinos with a browser.

        • by tepples ( 727027 )

          Then use a callendar program and an email program.

          And if your favorite calendar program and email program are not available for a given platform, or if you lack permission to install an application on your work computer, just do without.

    • So? (Score:1, Offtopic)

      How's life in the hypocrite lane [slashdot.org]?
  • Stop adding bloat to the specification that just adds more ways for advertrackers to steal your hardware resources. If I was in charge I would go back to HTML4 with just the video tag added.. All this bloat makes browser engines complicated which is why everyone is just cloning chrome instead of making their own engines.
    • by jfdavis668 ( 1414919 ) on Tuesday April 02, 2019 @03:57PM (#58374198)
      A comment about Chrome clones in response to one of the only browsers that doesn't use the chromium blink engine.
    • by Anonymous Coward

      There are lots of nice new features in HTML5 which enable cleaner layouts with fewer dependencies on Javascript. Don't throw the kid out with the bathwater. HTML5 isn't the problem. It's the damn Javascript API extensions that need to go.

    • If I was in charge I would go back to HTML4

      I guess the entire world that considers the internet to be more than just randoms posting on Slashdot is thankful that you are not in charge.

    • HTML has had <embed> for ages. It makes the browser do only sane thing: Throw the content to the OS to handle, and drop it if the OS can't handle it.

  • ...you mean like Firefox's nagging about updating?

    • I've never had Firefox nag. It just updates.
      • by XanC ( 644172 )

        Your browser has permission to overwrite itself? Seems like a bad idea.

        • Your browser has permission to overwrite itself? Seems like a bad idea.

          Firefox seems to use the "When in Rome, do as the Romans do" philosophy.

          On my Linux machines, it's updates are solely under the control of apt/dpkg package manager, like everything else in the system.

          On my Windows machine, Firefox does "ambush" upgrades whenever it feels like it, but for some reason it doesn't finish them until you try to use it. So you never know whether you'll be delayed with a "Firefox is installing the latest updates" message box when you need to access something in a hurry. It's like a

          • > So you never know whether you'll be delayed with a "Firefox is installing the latest updates" message box when you need to access something in a hurry.

            This is one of the main reasons I use Chrome. Seriously. It updates in the background then displays a little icon saying I need to restart the browser. When I do it shuts down and starts back up in about 2-3 seconds total and all of my tabs reload. Never have to sit through a stupid 'updating' window like Firefox forces on you periodically.

  • by jfdavis668 ( 1414919 ) on Tuesday April 02, 2019 @03:48PM (#58374140)
    To inform us about this change. Man, talk about getting blindsided.
  • Problem solved ... (Score:5, Informative)

    by fahrbot-bot ( 874524 ) on Tuesday April 02, 2019 @03:58PM (#58374212)

    Add these to your "user.js" file:

    user_pref("dom.push.enabled", false);
    user_pref("dom.webnotifications.enabled", false);

    Optionally these too (may be redundant with above):

    user_pref("dom.push.alwaysConnect", false);
    user_pref("dom.push.connection.enabled", false);
    user_pref("dom.webnotifications.serviceworker.enabled", false);

    • user.js what? Is that how you give tech advice? Just tell people to go to settings, click notifications, and click disable new notification requests.

      I mean shit user.js? Why not ask people to download the source and patch out the code and recompile while you're at it? Or use a hex editor to patch the binary exe like the good old days of bypassing DRM?

      • user.js what? Is that how you give tech advice? Just tell people to go to settings, click notifications, and click disable new notification requests.

        I mean shit user.js? Why not ask people to download the source and patch out the code and recompile while you're at it? Or use a hex editor to patch the binary exe like the good old days of bypassing DRM?

        These settings actually disable the push and web notifications altogether rather than just stopping the confirmation prompts.

        As for using "user.js" file... This is pretty common knowledge, but ... Firefox stores its per-user configuration settings ("about:config" and the various Option settings) for that user's Firefox profile folder in a text-type file named "prefs.js" (see prefs.js [mozillazine.org]) and these names/values are updated whenever Firefox exits. These settings can be overridden and permanently set by placin

    • by antdude ( 79039 )

      How come there is no GUI options to set these?

    • by AmiMoJo ( 196126 )

      They should make a UI for this, similar to the one for blocking pop-ups.

      In Chrome you just go to Content Settings and untick "notifications", then all sites are blocked from even asking.

  • by habig ( 12787 ) on Tuesday April 02, 2019 @04:33PM (#58374454) Homepage
    TFA pops up "Will you all www.zdnet.com to send notifications?" in an article about how the things are so hateful Firefox is rolling out a way to stop them. While they can be easily ignored, I've never once clicked "yes" and can't imagine doing so. Stopping them is a feature I'd enable.
  • by quag7 ( 462196 ) on Tuesday April 02, 2019 @04:49PM (#58374560) Homepage

    I want to see web sites stop popping up their crappy interstitial pages I have to click through to get to contact, almost all of which implore me to subscribe to their stupid e-mail lists (not happening, ever, specifically because of how they pushed).

    I want to see websites stop forcing me through "OMG LOOK AT ALL OUR NEW FEATURES" slides every time I log in.

    Put a lil.

    A lil.

    Flashing thing on the side or something. But get the fuck out of my face.

    ALL autoplay bullshit must end (fuck you cnn.com. I mean fuck you for about a hundred other reasons but especially fuck you for that.)

    The sheer number of browser extensions I install to try to protect what is left of my privacy and stop apeshit web developers from engaging in screen bukkake has become absurd.

    This is not what the Web was supposed to be.

    And *yes*, I would be fine with about 2/3rds of the damn Web collapsing for want of ad revenue if what was left was clean and user-friendly. I have reached that point.

    I'M MAD PEOPLE.

    A CRAZY, MAD, WILD-EYED, BIG-BOTTOMED ANARCHIST.

    I WAS HERE EARLY AND YOU WILL HEAR ME.

    (they will not hear me. no need to point that out.)

    • Hallelujah, brother... preach it.

    • by AmiMoJo ( 196126 )

      Why do marketing and UI people think that forcing you to look at things is a good way to make you want those things?

      Not just web sites. Some apps do it, some operating systems do it, many many games do it (the forced tutorial and radio buddy).

      If they must do it at least offer a way to skip with one click.

  • I'm legitimately curious. I've never allowed a site to push anything, but the feature exists and presumably some people use it. Including people here.

    So, what notifications do you allow?

If you have a procedure with 10 parameters, you probably missed some.

Working...