Re: Disabled cookie micro-management feature causes various problems
[Posted March 23, 2016 by n8willis]
From: Gijs Kruitbosch <gijskruitbosch-Re5JQEeQqe8AvxtiuMwx3w-AT-public.gmane.org>
To: Hugues de Lassus Saint-Geniès <hugues.de-lassus-J3HerwJfv+UE9HRsTBSACg-AT-public.gmane.org>, firefox-dev-4eJtQOnFJqFAfugRpC6u6w-AT-public.gmane.org
Subject: Re: Disabled cookie micro-management feature causes various problems
Date: Thu, 4 Feb 2016 18:56:52 +0000
Message-ID: <56B39EF4.2060400@gmail.com>

On 04/02/2016 17:54, Hugues de Lassus Saint-Geniès wrote:
> Dear Firefox developers,
>
> Since the patch for bug #606655 "Remove "Ask me everytime" cookies
> option" was merged into Firefox 44 release, many comments have been made
> on Bugzilla about the problems caused by the loss of such a functionality.
>
> I will try to summarize a bit some of what has been said on the tracker:
>
> The option was somewhat bogus (see bug #365772)
That bug indicates it broke sessionStorage completely. In ways that
broke websites and that you couldn't recover from per-website without
turning off the functionality entirely.
> and it had a pretty bad
> UI, plus it was apparently unmaintained.
It also had stability problems (i.e., it caused Firefox crashes), wasn't
really an effective way of giving people control over their experience,
and would have been even more problematic once we enabled multi-process
Firefox.
> Those inconveniences were outweighed by the fine-grained cookie control
> it gave the users.
>
> The functionality was useful for many, plus it was instructive as it
> would show which cookies were set by which domain.
You can still see which domains set which cookies through various means
(page info, the preferences, the network inspector in devtools, 'cookie
list' in GCLI (shift-f2), add-ons...). That functionality has not gone away.
> It was one of the few differentiating factors between Firefox and other
> browsers. Someone even said that many everyday users - not power users -
> liked the feature and switched to Firefox thanks to it.
Is there data about this and how many people were involved? Do you also
have data about how many people stopped using Firefox because they
changed the setting without really understanding it, then found there
their browser unusable and gave up in despair? (see also
http://limi.net/checkboxes-that-kill/ )

"Differentiating" is really just a fancy-ification of "different", with
an implication of "better". I disagree that there were or are "few" such
factors - that is, I think there are quite a number! - but not everybody
benefits from each of them. Clearly, you benefited from this one and
presumably not from some of the other ones.

However, if we couldn't remove anything that was making us different,
that would severely restrict our ability to innovate. Our library
(bookmarks + history + downloads manager) is different (and arguably
better) than that/those of other browsers. Does that mean we can't
change it? Does that mean that for any such "different" piece of UI or
functionality, we can't make decisions about which parts of it are more
or less desirable and therefore should be kept/axed/replaced?

Even if we accept that we want to increase the number of differentiating
factors, we also need to ensure that we can remove old things that
nobody uses anymore. Until Firefox 32 (only released about 1.5 years
ago!), we had a hidden pref to disable frames (
https://bugzilla.mozilla.org/show_bug.cgi?id=1013457 ). No other
browsers I know of had such functionality anymore - should we have kept
that?

Purely the fact that it's different and that there might be niche
use cases is not enough justification to keep/implement functionality in
the core browser.
> Now the bare options are very limited, and the default setting for those
> who were using the "Ask every time" option has become "Accept" instead
> of "Reject", which would have been the safest option for privacy matters.
> Many websites are broken when one selects the "Reject" option,
... which is presumably why people were migrated to 'accept', rather
than 'reject', because effectively breaking their internet access and
then leaving them to dig through the options to figure out how to fix it
would have been a pretty bad idea.

Note also that we still give you separate control over third-party
cookies, and so "accept" and "reject" aren't actually the only options.
> Extensions such as Privacy Badger or Cookie Controller are presented as
> an alternative, but they either make use of public white-lists or have a
> rather old UI.
Sorry, but the 'ask me every time' cookie dialog UI hadn't been updated
for at least 5 years, maybe closer to a decade. "old UI" doesn't sound
like a great reason not to use something if that was what you were using
before.

If there is sufficient demand for this degree of control, I'm sure folks
who want it will write/update add-ons for it and provide better UI.
> Firefox communicates a lot on protecting its users' privacy, but this
> update seems to head in the opposite direction, giving less control to
> its users.
I would say that we are removing something that pretended to give you
control, but didn't really (and had a whole host of other downsides).

The underlying assumption here is that it is possible for a user to
assess whether you should accept a cookie based on the modal dialog.
That is fundamentally not the case because you cannot know a priori
whether that cookie is used "just" for tracking or for login
functionality. Yes, cookie names give you some clues, but only if the
programmers were kind to you and not misleading (which is an
unreasonable assumption if you also want to use this functionality to
stop 'malicious' use of cookies). The only way you can really know is if
you look where it is sent/used, which you don't know at the point when
it's set, which is when you were interrupted by a modal dialog asking
you what to do.

The old model also involves everyone making these decisions manually all
the time, when those decisions could be shared out meaning people can
spend more time doing what they want to do instead of trying to decide
what to do about cookies. The shared keeping of lists for things like
this as a model has proved thousands of times more successful if you
look at add-on usage of things like Ghostery, Disconnect.me or Adblock
Plus and its block lists. Very very very few people have the time and
energy to spend hours or days of their time over the course of a year
just to micromanage their cookies, especially when they are such a small
part of what tracks you on the web today.

In a certain sense, this boils down to a very basic principle: Firefox
should not burden the user with extra/complex choices when we can reduce
those choices to simpler ones. Blocking images, JS or cookies
specifically are all really proxies for higher-level user intentions,
whether it's avoiding tracking, reducing bandwidth consumption, or
testing website behaviour as developers. We should make (and are
making!) tools and options that cater to those high-level intentions and
take care of the mechanics "as if by magic", instead of forcing users to
learn about the machinery of the web just to get Firefox to "do what
they mean".

~ Gijs