browser notifications, Chrome, Firefox, Information Security, Mozilla, notification spam, Organisations, push notifications, Top News, Web Browsers

Firefox draws battle lines against push notification spam

Mozilla doesn’t yet know how to solve the problem of website push notification spam in the Firefox browser, but it wants you to know it’s working on it.

If you’re a sentient web user, the push notification phenomenon needs little explanation: visit a site and it almost immediately throws up a prompt that asks you whether you’re happy to “allow notifications.”

Unlike other annoying website pop-ups, push permissions are powerful because they can activate even when users are not on that website.

In extreme examples, they’re deployed by scam sites as a way of pushing fake extensions and rogue sites, unleashing today’s equivalent of the endless adware pop-ups that used to swarm browsers.

Push notifications have become so ubiquitous that Mozilla’s own telemetry suggests they are now by some distance the most frequently shown permission request, generating 18 million of them in the month to 25 January for a sample set of its users.

Only 3% of users accepted the prompts, while one in five caused visitors to leave the site immediately. This is at odds with other permission requests, as Mozilla’s Johann Hofmann explains:

This is in stark contrast to the camera/microphone prompt, which has an acceptance rate of about 85%!

It’s a bombardment that, at best, delays users and at worst drives them away from sites.

Why do websites over-use push notifications?

Because the web is cutthroat and sites think they need to employ all the attention-grabbing tricks to survive, even if that means annoying most users, most of the time.

It’s an example of what is known as ‘the tragedy of the commons’. While each site is behaving rationally in its own interests, if every site does the same thing, the outcome undermines their collective interest.

Firefox experiments

Push notifications were enabled in Firefox 44 in early 2016 via the same Notifications API that Chrome uses (other browsers use similar APIs).

But here’s the strange part of this story – Firefox already offers a way of controlling new push notification requests but users either don’t enable it or are confused by the setting.

In our experience, the global setting (Options > Notifications > Settings > Block new requests asking to allow notifications) is too nested for people to notice it and often doesn’t seem to work.

That’s partly because the simplest option to block all notifications would be inconvenient, for example stopping Gmail users from being told that a new email has arrived. Or perhaps there are other settings in the API that allow sites to bypass Firefox’s blocking of new notifications.

From 1 April to 29 April Mozilla said Firefox Nightly for version 68 and Beta for version 67 will experiment with new settings.

During this time, notifications won’t display unless the user clicks or presses a key while on the website in a way that signals interaction. Sites won’t be able just to bombard casual visitors with notifications. Mozilla will also test two other settings:

In the first two weeks of this experiment, Firefox will not show any user-facing notifications when the restriction is applied to a website.

Then, in the second two weeks of the experiment:

Firefox will show an animated icon in the address bar (where our notification prompt normally would appear) when this restriction is applied. If the user clicks on the icon, they will be presented with the prompt at that time.

Mozilla admits it doesn’t yet have enough data to judge which approach is the best, or even whether a new one will be needed.

But the mere fact it is even trying is at least something to grab hold of for the millions of users slowly being driven crazy by sites’ desperate need for eyeballs.

Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend