[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Design meeting 20211029
|
From: |
Michael McMahon |
|
Subject: |
Design meeting 20211029 |
|
Date: |
Fri, 29 Oct 2021 11:46:23 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Icedove/78.13.0 |
- Website
- Site changes with wrapper names. It is now a matter of setting up
auto deployment.
- Sent an email to Ana. There might have been some issues. The
descriptions generated from the comments, the list are not generated
properly. It would be great if you could go through the generated
documentation. There are two possibilities. You can fix the generator
and create the markup that should be there or we can change the comments
in the source code to match the possibility of the generators. If there
is another way to generate the lists, we could do this. We need to know
what is available and what is not.
- We updated FIT logo with the SVG you sent
- This is the latest version of the logo:
https://pagure.io/jShelter/jShelter/blob/master/f/website/theme/static/images/jshelter-logo.svg
- We updated the extension icons here:
https://pagure.io/JS-Shield/JS-Shield/blob/master/f/common/img
- Will review the generator and document any weirdness.
- Adding to TODO list and that should be an easy one.
- UI direction
- The latest issues about usability have to do with lack of
visibility of subframes and their status. Can be problematic when
subframes have different permissions. Not sure where to go from here.
- Now talking about nested frames in other frames with differing
permissions.
- For instance, brave is more draconian on third party frames than
top document frames. If the shield is lowered on top level to make it
work, this is not optimal from a security viewpoint.
- If the users do not have another blocker, there are lots of nested
iframes. They may not want to be fingerprinted by the third party
scripts. Maybe we should suggest using another block as well.
- Not sure how to represent this well in the UI.
- Aware that this is not very easy.
- If we show all of the origins and domains, maybe the users would be
overwhelmed.
- Should all third parties be kept the same?
- gmail for example is one domain and if they include something from
google domain it is technically the same party. This came up with the
voice call issues.
- Google ad services claim they do not use fingerprinting, but they
might.
- Somehow differentiate and offload to the user, but the user may not
understand.
- This is important and we need to make a decision. Probably need to
build something on top of the original proposal.
- UI and a11y
- Discussion about unifying the look of the extension and the webpage
design.
- The options page is the one you see after clicking "settings" in
the extension? Yes.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Design meeting 20211029,
Michael McMahon <=