Hate website ‘notification’ request spam? Firefox’s Mozilla wants to find a solution that works for developers and users

These days annoying website prompts asking users to approve notifications are a daily occurrence on desktop browsers. Open a page and boom, you’re asked if you want to see notifications about new posts from the site. 

Smartphone users have become accustomed to seeing notifications from apps they’ve installed but the feature hasn’t translated so well to the web, where web developers have demanded mobile-like notifications and in too many cases bombarded end-users with requests from sites that are of passing interest. 

The spammy notification requests became widespread enough that Firefox maker Mozilla to early last year release a feature in Firefox 59 that allowed users to block all notification requests. 

Chrome and Safari also allow users to block these push notifications but the settings aren’t easy to locate. Nor is Firefox’s. If a Firefox user wants to block all notifications they need to go to Preferences > Privacy & Settings and then click the Settings button next to “Notifications” to finally check the “block” option. 

Mozilla now wants to run two experiments to get to find an answer for “rationalizing push notification permission spam”.

Open many pages on the web today and this is the first thing you see at the top of a page.
Open many pages on the web today and this is the first thing you see at the top of a page.

 Mozilla's research using its telemetry data from Firefox beta release browsers in the wild found that of 18 million request prompts were shown to users between December 25 2018 to January 24 2019. Out of this sample, less than three percent of the prompts were approved by users. Additionally, 19 percent of prompts scared visitors off. 

By contrast, even more powerful prompts for access to a laptop's camera and microphone were accepted by 85 percent of users. 

Firefox developers suspect two things are going on: some websites are using the notification prompt in a way that doesn’t benefit the user; and that the notification permission happens too early, leaving users with little time to understand whether or not they could be fond of a site’s future content.  

Read more: US government shutdown leaves .gov sites with expired HTTPS certs

The first experiment will be run in the very early-stage release Nightly channel for Firefox 68, which will require a click or keystroke to trigger the notification request prompt. 

“User interaction is a popular measure because it is often seen as a proxy for user consent and engagement with the website,” contend Firefox developers.     

As of April 1 to April 29, Firefox Nightly will temporarily deny website requests for permission to use Notifications unless the request follows a click or keystroke. 

In the first half of the month long stage-1 test, Firefox won’t show users any notifications when the restriction is applied to a website. 

In the second fortnight of stage-1, users should see an animated icon in the address bar when the restriction is enforced. The user can then click on the icon to see a prompt asking if they would like to receive notifications. 

The second experiment entertains the idea that user interaction — clicks and keyboard strokes — isn’t actually a good proxy for a user’s willingness to see the notification. 

This experiment will be “short-running” test in the stable release of Firefox 67, due out in May, that aims to decipher the circumstances users interact with permission prompts. 

“Have they been on the site for a long time? Have they rejected a lot of permission prompts before? The goal is to collect a set of possible heuristics for future permission prompt restrictions,” Mozilla explains.

Read more: The week in review: Cybersecurity breaches named the biggest risk to business… and healthcare… and sports… and…

Mozilla clearly can't alienate web developers who want mobile-like notifications on the web, but at the same time, there's a very good case for finding a way to prevent web developers abusing a capability that is widely known to annoy users of its browsers and the web. 

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags mobilesmartphonesFirefoxmozillachromesafariweb developerNotifications APIpush notifications

More about Mozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts