Downgrading the prompt to a non-popup icon in the address bar unless it follows a user action sounds like the perfect balance.<p>This won’t entirely stop sites which are properly trying to request the permission in the worst case, and the navbar icon is unobtrusive enough that if it gets spammed it’s no big deal.<p>Actually I think it makes sense to persistently show the notification icon in the navbar once the permission has been granted (same with mic, audio, and anything else) providing a quick glance at any privs that have been granted and an obvious way to revoke them.<p>The icons would then need granted and non-granted states, and perhaps even three states;<p>- Black : requested but not authorized<p>- Black with green check : granted<p>- Grey with red x: requested and denied
> Most prompts are dismissed, while almost 19% of prompts caused users to leave the site immediately after being confronted with them.<p>Guilty. I've started taking requests for permission to send push notifications as a strong signal that I've accidentally clicked on clickbait.
Serious question though: has anyone here ever used the notifications for anything other than web based IM (slack, whatsapp)?<p>I think the use case for legit notifications is very small, thus the UI should be an opt-in, rather than an intrusive pop-up.<p>I never understood why browser makers gave it such a prominent UI, and of course in this attention seeking market it was bound to be abused. The new UI that Firefox is suggesting in the article is good, this should have been like this from the first day. I hope other browser vendors quickly follow.
It's insane that the two visible options are "Not now" and "Allow notifications" while 99 percent of the time I want never bother me again, in fact disable this feature entirely. I clicked yes exactly 3 times (my own Nextcloud instance, Protonmail and Whatsapp web), I'd be happy to do some more clicking to enable those at the "cost" of never being bugged again.
There is one more reason why the acceptance rate of notification prompts is low (3%), other than the two points mentioned by Mozilla.<p>THAT reason is that simply people do not want to be notified. They value their attention in these times of constantly being bombarded by attention seeking prompts, ads and notifications, that if asked, people surely chose not not being bombarded more.
This “feature” is abused terribly around the web. For every site with useful notifications like gmail, there are 10 which misuse it. Yesterday I had the misfortune of misclicking on the prompt from a website. I started getting notifications like “YOUR COMPUTER IS INFECTED WITH A VIRUS”. Turning off notifications for that website took at least 4 clicks through Chrome settings. Good to know there is a setting to turn it off completely on Firefox. If I personally actually wanted notifications from a service, I’d install the mobile app.<p>Second, Mozilla seems to use telemetry data responsibly and well. Turning <i>off</i> notification prompts by default can’t possibly be done unless you have the data on acceptance rate on different types of prompts. If you’re making such decisions based on your intuition you’d likely get it wrong.<p>I ask the folks on HN who constantly criticise the collection of such telemetry, what did I lose as a user when Firefox collected this anonymised data? More importantly, how would you have made a decision here without the data? Intuition? (I’d request that no one reply with platitudes like “with enough data nothing is anonymous” and “you’re making a nothing-to-hide argument”)
I'm still shocked that anybody thought the first generation implementation of this (in any browser, not specific to Firefox) was ever a good idea. I can see making the request visible to the end user, but... <i>as a dialog</i>? Why?<p>At least make it a narrow bar across the top/bottom that doesn't obscure web site content and can be easily ignored. Perhaps better would be to make it a button like there is a button to favorite/bookmark a site. A dialog isn't even near the top of the list of good designs.
Just a couple weeks ago i was helping "disinfect" an android phone for a acquaintance (shopkeeper) here in India.<p>The "virus" in question was chrome notifications for spam/porn/malware probably from malvertisements embedeed in some websites. It took me several minutes to locate and disable them. You would think that chrome on android would give an option to disable an offending notification from the notification bar but no, you have to go digging in the chrome settings and scan through the permission list to find the offenders.<p>While i certainly think it is a useful api needed for the free web(i still prefer websites over apps which are essentially websites with undeleteable hypercookies), Mozilla and Google need to do a better job protecting the literally billions of people who are less literate (either in tech or english) from the cesspool that is online media.
It would have been better if the notification API never existed and RSS had become the de facto standard for subscribing. The only good use for a notification API is urgent information, almost nothing on the internet qualifies. Giving everyone the power ruined the whole thing.
Good work from Mozilla, but it won't help prevent those sites that pop up a HTML modal asking you to subscribe by email AND then a few seconds later pop up another HTML modal asking to send you notifications to keep you up to date AND then sliding in something from the bottom with "relevant" posts AND maybe also slide something else in from the top or sides with some other thing that just ends up blocking the content you're actually interested in reading....
Maybe I missed it but I don't see a discussion about how the majority of sites are actually showing a "pre-prompt" for notifications before triggering the actual prompt from the browser. This is similar to how apps ask you to rate them using some internal UI and only if you rating is the desired one (5 stars) send you to the app store so you can rate them there.<p>With the notifications a 3rd party script is used to display a Yes/No prompt for notifications and only when you click yes on that prompt it triggers the browser's yes/no prompt. This allows the site to show you the notification request on each session while if they used the browser's native prompt they could only show it once.
Websites should not ask users for permission notifications. It only annoys the people using it. It is a bad idea!<p>If users are interested enough in your content, they will find a way to opt-in for notifications like email; an opt-in for notifications button or even RSS. Why would website owners assume that users want to get notifications only after 5 seconds of visiting a random site?
Notification requests are really saturating my patience. I appreciate the Mozilla/Firefox efforts for creating a user-first browser, with this and past features.<p>I always avoided (or at least I try not) to provide any telemetry data, but in the case of Firefox, if these are the kind of improvements we may have, maybe I will opt-in for anon telemetry.<p>Is the voting-with-your-wallet era moving into voting-with-your-telemetry era?
I think that no matter what solution the browsers decide on, we will always have to fight the “pre-permission prompts” from websites. These are the homemade prompts in JS and html that the sites pop up that essentially ask if you want to be prompted for the real permission. Once you click accept on their dialog, they hit the real browser api to show the native dialog.
Yes! I hate the notifications prompt showing up on the landing page of a website. I definitely support the browser blocking nuisances until there's user interaction, things such as: sound, videos, popups, and request for permissions.
It's slightly unfortunate that after reading this I went to <a href="https://developer.mozilla.org/en-US/docs/Web/API/notification" rel="nofollow">https://developer.mozilla.org/en-US/docs/Web/API/notificatio...</a> to read up about them, and immediately got an unsolicited "allow notifications?" prompt.
Hmmm - I can see how this is a good thing for the notification permission (there are far too many news/blog sites starting with that request) - but it looks from what they're saying that microphone/camera will still use the old method. Won't that be a bit confusing?<p>As an aside I've often wondered why cookie permissions couldn't be moved to a similar model? It would create a much more consistent experience instead of the popup insanity we currently have across Europe...
About time. Introducing a feature like this without a "Go away, and never come back!" button was a big UX fail IMO.<p>On a related note, seems like desktop notifications would be a great venue for remote code exploits. Have there been any yet?
As a user, I don't even really understand what a "notification" is but it sounds annoying. I don't think I've ever allowed them when prompted. I didn't realize until reading this that I could disable these prompts entirely, but I have just done that.
Straw proposal: Get rid of the whole system of permission prompts completely and instead introduce a special input element for each permission.<p>Example: Instead of calling a JS API to show a prompt for push notifications, you'd embed an [input type="push-permission"] element in your page. This element would render as a special button that grants you the permission once the user clicks on it.<p>However, embedding it into a context where the user would actually <i>want</i> to click it, is your responsibility.<p>It would still be possible to spam the user with "self-made" overlay popups, but this is already possible today. The button would also need protection against clickjacking, which, I think, can be done by restricting how it can be styled or layered.
I feel that browsers are really getting permissions horribly wrong. The prompts often look very similar to each other (no icons) regardless of what they are for. Some permissions are detectable, others are not. When a site tried to use a function that's blocked, the notification in the browser is often easy to miss, leaving users wondering why the functionality isn't working.<p>If it were good:<p>1. Users would be very aware of the request or attempted use for any permission.<p>2. Users would be able to easily ignore that request without the permission prompt interrupting them.<p>It seems that browser vendors are struggling with a fairly simple UX problem.
I welcome this change. Notification prompts have lately become the new popups. Almost every WordPress blog under the sun now is nagging for notifications.
In my opinion, notifications are poor UI solution:<p>- they distract attention<p>- they obstruct content below<p>- they disappear quickly<p>Also this allows the site to monitor whether user's computer is on or off even if all the tabs with the site are closed.<p>In Windows XP the way for an app to ask for user's attention was to highlight app's button on the taskbar (it also could flash several times which I never liked). While this is a little bit distracting too, it is still much better than Android-style notifications. With Windows XP, you can switch to the app when you have time.<p>Browser push notifications were designed with interests of developers in mind, not with interests of users.<p>A better solution might be to highlight the tab that needs user's attention and highlight browser's button on the taskbar.<p>On the other side, Android-style, annoying notifications might be easier to notice and understand for users who don't understand computers well.<p>I think Firefox devs should also consider switching from Android-style distracting notifications to time-tested solution from Windows XP. I don't think the ideas from the article will work.<p>For example, they suggest to show an icon in the address bar but there are already too much icons and users might not notice it. And if you allow to show permission popup only after click, then sites will show it after you click anything.
The article doesn't seem to mention this, but you can already disable popups for notifications in Firefox.<p>1. Go to Preferences, Privacy & Security<p>2. Scroll to Permissions > Notifications, click Settings...<p>3. At the bottom of the dialog window, check Block new requests asking to allow notifications<p>The permissions already granted will still work.
>> Most prompts are dismissed, while almost 19% of prompts caused users to leave the site immediately after being confronted with them.<p>Finally! Some numbers from a respectable source showing that most pop-us are bad for user engagement.
god forbid you leave firefox set to never remember history, you don't get the option to block sites forever. So every time you hit a reddit link it will gleefully present you with a prompt about notification permissions.
I feel like Solution 1 is pretty close to what I see as the "solution".<p>I think for commonly requested permissions that are not commonly accepted, they should just use a smaller, more discreet icon for notifying the user; one that doesn't hang down over the chrome and block/cover up the site. That way, it can be easily ignored.<p>It should be more obvious than the one they're using in that solution. Maybe something equivalent to an icon next to the refresh button or something. The text icon they had in #1 was probably /too/ easy to ignore.
“Reduced” should be “zero”. Prompts are fundamentally broken; they replace simple interactions with “STOP, answer this question NOW!” scenarios. A sensible solution would be: <i>automatically deny by default</i> because sites don’t really need to be asking up front! They can either give you another way (e.g. button/field) or they don’t have business querying this in the first place.<p>Simple example: On one site I used to just type in my zip code (easy but explicit transfer of information) and it immediately zoomed a map to my specified area. Then one day they changed it to magical location tracking; now, before I can even enter the stupid zip code (still an option and all I ever want), I get a “STOP! Share location!?!?” kind of interaction first. I have to find it, close it, then enter a zip. I had the zip code in my head and would be able to type it in a second with no delay but instead, I am distracted. Or maybe I was copying and pasting. Everything about immediate form access was efficient.<p>All prompts have this problem. The potential for a prompt out of the blue makes direct actions slower, and any other case where a prompt might appear is going to be an undesirable interruption telling you about things you didn’t want happening anyway. User agents should be saying No to unreasonable requests <i>for</i> me, like a good manager.
I don't want to receive notifications from any site nor grant any permissions to any website ever. Perhaps some people want to grant permissions and to receive notifications from some websites but it seems obvious that will always be about just a small selection of favourite websites. So I doubt it even is reasonable to pop anything up, just make subscribe/allow buttons easy to find yet waiting for the user passively.
It still boggles my mind how over engineered that prompt is in Firefox [1]. And glad to see that the new prompt follows Safari’s simple “Allow / Disallow”.<p>[1] Of course I got into a shouting match on Twitter about it some time back: <a href="https://twitter.com/dmitriid/status/920293887746433024" rel="nofollow">https://twitter.com/dmitriid/status/920293887746433024</a> and <a href="https://twitter.com/dmitriid/status/920373234104700931" rel="nofollow">https://twitter.com/dmitriid/status/920373234104700931</a>
The notification prompt should be a good lesson in feature creep for browser vendors. Pretty much applies to all "engagement" features: If you build it, it will be abused.
I wonder how many of the currently-accepted prompts are already in response to user interaction. If it's most of them, then the first option would still be reasonable.
Good. The whole notifications thing is BS as it’s used on most of the web and is actively exploited and there’s no “don’t show this again” prompt to be found anywhere. The only sites that do it gracefully show a cookie-consent-like floating div that pops the prompt up if you accept it. I have honestly been looking into completely disabling the whole thing but despite Safari being quite good usually, there is no option to do that anywhere to my knowledge.
I think there should be a difference between sites which the user is merely browsing, and sites which a user is actively using. The former shouldn't be able to show popups, while the latter may. Moving a website from "browsing" to "using" state could be done with a (small) button in the top bar. It's in a sense like "installing" an app.
The UX pattern that should be observed is preflighting -- ask the user if they want notifications from within the webpage (if appropriate, obviously) and let them know it'll prompt a browser dialog. If they say yes, you're good to go. It's an extra step that significantly improves both conversion and experience, often used in mobile.
Global setting: “I will never choose to receive notifications from a website.” Linked directly from that popop.<p>Sorted.<p>Chrome already does this right with language translation: “do you want to translate this website?” “No”/“Never translate this site”/“Never translate French”<p>Do that with notifications And well never need to see that prompt again.
It's completely rude to send a browser notification prompt without prior warning. The solution to this is html notification prompts that only trigger the browser notification prompt when the user clicks on them. They aren't as intrusive. That's what I use on my wordpress site.
While we're at it, some sort of "always opt in or opt out of cookies" standard would be very nice. I'm really tired of sites asking for permission. Forcing companies to ask to use cookies was a mistake, cookies on/off should have been a browser feature first.
If a website presents a pop up to me asking if I want notifications, I click yes <i>then</i> I click block when the browser dialogue appears. No more notification pop ups on that site.<p>I realize I can categorically block all notification permissions, but there are some sites where I want to allow them.
Is there a plugin or setting to auto reject these in firefox and/or chrome? Notifications are something I will never want from a website, and most of the time its as annoying as a popup. No, random news site for somewhere I don't live, I would not like your notifications.
These notifications can in a way act as a sort of adware. I had family friends who complained of pop ups on their laptop advertising dodgy products. Turned out they'd accidentally dismissed one of these with an OK and was being spammed in the desktop environment via Chrome.
IMO, it makes more sense to require that the permission prompt is tied to a button instead of directly triggered by a script.<p>IE, the only way to display the permission prompt is to put a button on the page, and then the permission prompt is only shown when the user clicks the button.
First thing I do on a new Firefox install (among other things) is disable all new requests for Alerts. I've never wanted a website to send me alerts, and I've never met anyone who wanted them. Who is the audience for this?
> <i>User interaction is a popular measure because it is often seen as a proxy for user consent and engagement with the website.</i><p>“This site uses COOKIES! Click here to brush off this interruption and be presented with the page proper.”
Those omnipresent dialogs are a cancer on the web. It was the worst idea ever.<p>I actually can't believe the browser vendors made basically the same mistake as the obnoxious JS "alert()"
I would be happier if Firefox dropped the prompts "feature" completely. Just ignore it. Less code, less dependencies, and less hassle for everyone involved.
The name notification permission is misleading. Because what it actually does is run <i>any</i> code from websites you aren't even visiting currently.
Most sites today display cookie or GDPR popup, such sites could abuse clicking OK or Cancel on such popup as the user action that triggers enable notifications.
I don't understand what is wrong with the folks over at Mozilla. Are they stupid, or are they taking bribes?<p>How about an option for, "No, I don't want notifications from any website, ever!"<p>How about an option for, "Don't auto-play video, including silent video, ever. Not audio either. Never. Just don't."<p>How about an option for "I know what cookies are. Never, ever warn me about them again. Ever."<p>I don't know if the devs are just young and inexperienced, or if they are truly brain-damaged, or if they are corrupt and some advertiser said, "Here's a million dollars to leave those notification prompts in, heh, heh, heh".<p>At this point it's like smoking in movies. There has to be some cigarette maven with a pallet of cash going into the production office on the back lot somewhere, because otherwise why does every young director show all the 'cool' people puffing away on something that's going to waterboard you with COPD for the last 40 years of your life?<p>Mozilla, we don't want any of that shit. Fuck that shit.
Good opportunity to voice my displeasure about the update notifications! Sorry, IT SUCKS!<p>It is really annoying that Firefox forces me to read about complex policy settings to avoid this. I have reasons not being able to update on a certain computer at certain times. (Already blocked the update checks, `# prevent Firefox update checks
127.0.0.1 aus5.mozilla.org`, but it seems I still have notifications).
I wish Mozilla would use this as a profit opportunity.<p>Pay a fee to get your domain whitelisted for features like fullscreens, notifications prompts, etc.<p>Part of the fee goes to handle complaints, if your site gets too many complains or is found to violate policies your sites permissions are revoked and you need to remedy the situation and apply again.<p>If Facebook can responsibly handle not sending me notifications I don't need they won't get any complaints from me. But if they notify all users about a useless auto-generated-end-of-year-movie they made, then perhaps they'll loose permissions.<p>For certain features it wouldn't be unreasonable to require that sites are vetted. There could be tiers related to how many uses you have, such that small companies aren't locked out.