Extensions whitelist
By glazou on Thursday 18 May 2006, 14:32 - Mozilla - Permalink
I just spent a while discussing with the representatives of a French company having an interesting issue with Firefox: the way Firefox blocks the installation of an extension coming from an unrecognized web site is a serious problem for them... Given the stats of their web site, only one out of five persons clicking on the link "install extension" really downloads the extension, and is able to understand the extension blocker line and add the current site to the white list. I know it will sound difficult to accept to many of you, but I am absolutely convinced that ratio is the reality. First, a lot of people probably don't even notice the blocker line above the page content. Then many people certainly don't understand the concept of a whitelist and/or are unable to grok the fact they have to click a second time on the list to eventually download the extension...
If the blocker blocks extensions so well that people don't install them, then it certainly deserves a much better UI with an alert/dialog instead of the current status line borrowed from the popup blocker. And adding the current site to the whitelist should trigger the XPI download and install instead of requiring a second click.

Comments
But if XPI installation requests can pop up a modal dialogue, malicious sites can effectively lock up your browser.
Couldn't agree more, including on the whitelist concept.
I'm sure most non-techie users don't even understand what an extension is. They know that if they click on the link they can somehow add the functionality they just read about.
If you put a non-obvious status line, a whitelist and two clicks in the way without much guidance, I'm not surprised that indeed only 20% of them end up installing the extension.
The whole point of the whitelist is to prevent websites from popping up a dialog; additional UI defeats the point. I'm not convinced that we want to be encouraging users to install extensions from websites instead of from addons.mozilla.org.
bsmedberg: the comment is not about the whitelist itself. The comment is about the invisibility of the blocker line and the complexity of the whole thing: try to install, see blocker line, click on button, read dialog, accept site, close dialog, reclick on install, accept XPI, and so on. The whitelist MUST remain. The blocker line is counterproductive if people don't see it.
And a 1/5 ratio is SCARY for companies providing extensions for a living.
When you open a dialog, users will just train muscle memory and click on the Accept button without thinking things through. Granted, the delay before enabling the button is a Good Thing, but I fear changing the current way might mean more unwanted extension installs.
Clicking twice on "Install" is the major problem. I suspect the user expects to only have to click "Install" once.
Why couldn't the extension be installed immediately after dismissing the security dialog with "Close" (or even clicking "Allow")?
The browser should know that the overall goal is to install an extension. By "failing" after the user changes the security parameters, the browser gives the impression that something is broken.
Sure, why not simplify off-AMO installation to (1) click on the link which produces the flashy warning bar at the top, (2) click on the button on the bar which opens a drop-down with the options "Ignore/Dismiss", "Install this extension", "Install and add this site to the whitelist" of which the user (3) chooses one. Not too intrusive and still visible enough and acceptably simple to handle. Does there already exist a bug for this issue?
One thing I've noticed watching non-technical people use computers is that they only see a very small area of the screen at one time. This needs to be taken into account when designing user interfaces like this.
I agree with matt. Reclicking the install is a major thing here. I remember the first time I had to install an extension. I didn't understand immediately that I had to reclick the install.
Now I drag-n-drop the link in the extensions dialog, which bypasses the whitelist.
Sure, this has to be enhanced; even I, who am quite "techie", always have to remember that I have to click again on install.
Simon's solution seems the better one to me, but I'd change the last wording to "Install and always allow installation from this site", which should be more understandable to most users than "whitelist".
See bug 252830 for a related discussion.
Just to double check the friggin obvious, is it certain that everyone who sees that page is, in fact, using Firefox?
Why can't we just allow the user to install the extension? Once. Without any other "whitelisting". Just install, not "add the website to list of domains that are allowed to install extensions from"...
I completely agree that something has to be done about this. One thing that would help a lot would be to have more websites on the whitelist in Firefox out of the box. Sites like *.mozdev.org, extensionsmirror.nl, customizegoogle.com, and other sites known to not pose a security risk should already be on the whitelist when I install Firefox.
Oh, and please also let me use * in addresses that I add manually (like the mozdev example above).
As bsmedberg said, I still don't see where the overall advantage is in doing ANYTHING from a UI perspective that encourages novice or ignorant users to install something from places that aren't addons.mozilla.org.
A company providing extensions for a living can ship its extensions on a.m.o. Does this suck? Yes, but any UI where nonthinking users' default action is to "install" from random websites sucks far, far more.
The whitelist has nothing whatsoever to do with the trustworthiness of the site hosting the XPI to provide safe code, and everything to do with the trustworthiness of the site triggering the install to not put the user in a modal dialog deadlock where the only way to regain control of their browser is to agree to install an extension. The fact that nobody understands that, and still won't even though I changed the wording of the blocked prompt warning the other day, argues for getting rid of it, not for only allowing installation from AMO. Anyone who has listed an extension there can tell you, for hours and hours, why it's not acceptable as the only source of extensions.
Probably the best solution is to move the actual install prompt into the infobar, so that there's only one thing to look at and one button to click: either you want to install an extension, so you click the button to install it, or you don't, so you close the message or the whole tab on the site that tried to shove one down your throat.
pkasting: yes it does suck if the review process on a.m.o takes weeks - as it does today - because an extension can be already obsolete when it becomes public. That's the last thing commercial extensions providers want to see.
I think 50% is indeed due to the fact that people need to click the download link twice because the pop-up blocker blocks it the first time, then you have to whitelist (!) the domain (!) for all (!) extensions, and then you need to reload the page and click again!
Really very counter-intuitive if you ask me. Can't we have an improvement like this for Firefox 2?
Perhaps a better UI would involve a bubble/balloon that appears in the webpage itself pointing to the link that was clicked. Though I appreciate that it's possible for a web page to trigger a request for extension installation itself and perhaps that is the underlying problem.
Daniel: I agree, that's extremely poor from a commercial perspective. But really, that sounds like a request to make a.m.o. more streamlined, better-managed, etc., not a justification for doing something potentially dangerous to clueless users by default. Also, you should get in touch with Brian Ryner, who has some sort of technique that makes use of a.m.o. to allow for successful installs of extensions that aren't hosted on a.m.o. -- that technique has been used for some Google stuff, I think. Contact him to find out more.