----- Original Message ----- > From: "Lucas Adamski" <ladam...@mozilla.com> > To: "Jared Wein" <jw...@mozilla.com> > Cc: "security-group group" <security-gr...@mozilla.org>, > mozilla-dev-secur...@lists.mozilla.org, "Kev Needham" > <k...@mozilla.com>, "Madhava Enros" <men...@mozilla.com>, "Stephen Horlander" > <shorlan...@mozilla.com>, "Justin > Dolske" <jdol...@mozilla.com>, "Asa Dotzler" <a...@mozilla.com> > Sent: Monday, April 2, 2012 5:28:23 PM > Subject: Re: Opt-in activation for plugins (aka click to play) > > On Apr 2, 2012, at 5:16 PM, Jared Wein wrote: > > > ----- Original Message ----- > >> From: "Lucas Adamski" <ladam...@mozilla.com> > >> > >> ... > >> • User is tired of always clicking to play a given plugin (i.e. > >> YouTube, or their favorite Java game site) > >> • A user has clicked on this four times in 30 days, so > >> automatically enable this plugin on this site up to 30 days > >> after > >> last played or until user revokes this permission > >> (about:permissions?) > > > > I think we should go with a simpler and more predictable model of > > providing a checkbox that is default-unchecked which remembers the > > setting on a per-site basis. If we want to expire permissions, I > > think we should do it on a longer timeline, more in the range of > > 3-6 months. > > > > - Jared > > How would you implement a checkbox in a normal click-to-play > (in-content) experience? > > To be clear that's a 30 day sliding window from last time content was > played there. So if you visit a given site with plugin content (say > youtube.com) at least once every 30 days, you conceivably should not > see that prompt again unless you become vulnerable to a security > issue. > > Also, to be honest I'm picking arbitrary numbers like 30 days and 4 > times mostly to stimulate conversation. :) > Lucas.
We can put checkboxes in the plugin overlay, similar to what we have for crashed plugins. When the overlay is too small to use we can add secondary options in the doorhanger dropdown for users to choose to remember the settings. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
