On 25/06/2013 5:29 PM, Gervase Markham wrote:
On 17/06/13 21:48, Drew Willcoxon wrote:
Toolkit already has a thumbnail module, [PageThumbs], but it can only
capture thumbnails of open content windows, same as they appear to
the user. Windows may contain sensitive data that should not be
recorded in an image, however, like bank account numbers and so on,
so Firefox uses some [heuristics] to determine when it's safe to
capture a given window.
Can I challenge an assumption here? I'm not sure I know of a website
which puts up sensitive data large enough that it would show up on a
thumbnail.
There is evidence users find this troubling - eg, bug 762610 reports
that a couple of users wrote to the mozilla webmaster about this. While
it may just be a perception, it seems a perception worth managing. And
even if someone can't read the exact bank balance figure, they might be
able to count the columns, or see the balance is written in red.
And even if it did, it's my browser on my machine.
It's not that uncommon for people to "borrow" a machine that happens to
sit in, say, a living-room. If a guest in our house jumps on our
communal "family machine" to (say) log into their bank or quickly check
facebook, I'd expect them to be uncomfortable if their bank screen or
photos from their facebook feed remain as thumbnails after they are
logged out.
Do we have actual examples of where a thumbnail becomes dangerous?
"dangerous" seems an unreasonably high bar for this. Making our users
"uncomfortable" would seem a reasonable trigger.
Could we consider using blurring, or just using the favicon, instead of
this seemingly highly complicated parallel request infrastructure?
I'd guess that blurring enough to obscure a red "account balance" figure
or to render a photo from Facebook completely unrecognizable would look
fairly ugly. Ditto for scaling up a favicon - although I must admit I've
never tried either of these options. Hopefully someone from ux could
weigh in here...
Mark
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
