Hi, ----- Original Message ----- From: "Lucas Adamski" <ladam...@mozilla.com> To: "Jared Wein" <jw...@mozilla.com> Cc: "Asa Dotzler" <a...@mozilla.com>, "Kev Needham" <k...@mozilla.com>, "security-group group" <security-gr...@mozilla.org>, "Madhava Enros" <men...@mozilla.com>, "Stephen Horlander" <shorlan...@mozilla.com>, "Justin Dolske" <jdol...@mozilla.com>, mozilla-dev-secur...@lists.mozilla.org Sent: Monday, April 2, 2012 5:28:23 PM Subject: Re: Opt-in activation for plugins (aka click to play)
> To be clear that's a 30 day sliding window from last time content was played > there. So if you visit a given site with plugin content (say youtube.com) at > least once every 30 days, you conceivably should not see > that prompt again > unless you become vulnerable to a security issue. > Also, to be honest I'm picking arbitrary numbers like 30 days and 4 times > mostly to stimulate conversation. :) in general, the sliding window approach is a pretty cool one - it removes my biggest objection to these sort of 'doing something X times leads to magical implicit outcome Y' proposals - that the user will be permanently opted in forever (possibly with no way to revoke this decision). i'll defer to UX and product on the details, but i think not making this opt in _permanent_ is desirable. thanks ian _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security