Hi, ----- Original Message ----- From: "Lucas Adamski" <[email protected]> To: "Jared Wein" <[email protected]> Cc: "Asa Dotzler" <[email protected]>, "Kev Needham" <[email protected]>, "security-group group" <[email protected]>, "Madhava Enros" <[email protected]>, "Stephen Horlander" <[email protected]>, "Justin Dolske" <[email protected]>, [email protected] Sent: Monday, April 2, 2012 5:28:23 PM Subject: Re: Opt-in activation for plugins (aka click to play)
> To be clear that's a 30 day sliding window from last time content was played > there. So if you visit a given site with plugin content (say youtube.com) at > least once every 30 days, you conceivably should not see > that prompt again > unless you become vulnerable to a security issue. > Also, to be honest I'm picking arbitrary numbers like 30 days and 4 times > mostly to stimulate conversation. :) in general, the sliding window approach is a pretty cool one - it removes my biggest objection to these sort of 'doing something X times leads to magical implicit outcome Y' proposals - that the user will be permanently opted in forever (possibly with no way to revoke this decision). i'll defer to UX and product on the details, but i think not making this opt in _permanent_ is desirable. thanks ian _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
