mozilla / contain-facebook

Facebook Container isolates your Facebook activity from the rest of your web activity in order to prevent Facebook from tracking you outside of the Facebook website via third party cookies.
Mozilla Public License 2.0

Warning shown on email login field even when site has no Facebook tracking #785

Closed kmahelona closed 3 years ago

kmahelona commented 3 years ago

Added prompt for email fields to alert users about Facebook tracking by email address, and promote Firefox Relay. Note that there is a checkbox users can click when dismissing this prompt to no longer see the badge icon.

Actual behavior

I'm currently being warned that Facebook may get my email for a number of websites with email logins, even our own website which has zero 3rd party cookies. I used to sometimes be warned about this, but now it seems like I'm being warned more often. Is there something more we need to do to ensure this warning doesn't show up for our website?

Expected behavior

I'd only expect this warning to show when the site includes Facebook or other third party tracking. I could be totally wrong, but this kinda feels like a scare tactic especially when I'm encouraged to then sign up for the relay service. The warning insinuates that our site "can" share your email with Facebook. I mean sure, we could theoretically do anything but we never will.

This is totally unfair especially for small non-profits like ours that are championing data sovereignty. For Mozilla to insinuate that we could give your email to Facebook is hurtful, and I'd expect much better from Mozilla.

Mahalo, Keoni.

Steps to reproduce

  1. Go to https://wharekōrero.nz/iwi-login/
  2. Inspect the code and network and see no communication with Facebook

Notes

[Screenshot: Screen Shot 2021-08-03 at 12 42 51 PM] [Screenshot: Screen Shot 2021-08-03 at 12 42 58 PM]

emmaharris1975 commented 3 years ago

This also happens with a site that I am developing:

https://churchrotadev.ddns.net/


I have checked the network and storage tabs and there appears to be no Facebook-related content.

maxxcrawford commented 3 years ago

This issue is a duplicate of #783. Note that we released a new version of the add-on to only show this message on websites where Facebook resources have been detected and blocked.
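
The behavior described in the comment above (badge shown only where Facebook resources were detected and blocked), sketched as an added example that is not part of the thread and is not the add-on's own code. The domain list, the `BlockedResourceTracker` class, the `replay` helper and the sample requests are all hypothetical or constructed.

```javascript
// Assumption: a short illustrative list, not the add-on's actual domain list.
const FACEBOOK_DOMAINS = ["facebook.com", "facebook.net", "fbcdn.net"];

// Match the domain itself or a true subdomain; a plain endsWith("facebook.com")
// would also match an unrelated host such as "notfacebook.com".
function isFacebookHost(host) {
  return FACEBOOK_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Hypothetical tracker: per tab, was a Facebook resource blocked on the
// document that is currently loaded?
class BlockedResourceTracker {
  constructor() {
    this.blockedByTab = new Map();
  }

  // record = { tabId, url, type }; returns true when the request is blocked.
  onRequest({ tabId, url, type }) {
    if (type === "main_frame") {
      // New top-level page: state from the previous page must not carry over.
      this.blockedByTab.set(tabId, false);
      return false;
    }
    if (isFacebookHost(new URL(url).hostname)) {
      this.blockedByTab.set(tabId, true);
      return true;
    }
    return false;
  }

  // Show the email-field badge only if something was blocked on this page.
  shouldShowEmailBadge(tabId) {
    return this.blockedByTab.get(tabId) === true;
  }
}

// Constructed sample traffic (example hosts, not captured from any real site).
const SAMPLE_REQUESTS = [
  { tabId: 1, url: "https://login.example.org/", type: "main_frame" },
  { tabId: 1, url: "https://login.example.org/app.js", type: "script" },
  { tabId: 2, url: "https://signup.example.org/", type: "main_frame" },
  { tabId: 2, url: "https://connect.facebook.net/sdk.js", type: "script" },
];

// Feed a list of request records through a fresh tracker and return it.
function replay(requests) {
  const tracker = new BlockedResourceTracker();
  requests.forEach((r) => tracker.onRequest(r));
  return tracker;
}
```

With the sample traffic, tab 1 (first-party resources only) gets no badge and tab 2 does; a later `main_frame` request on tab 2 clears its state again.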

lbruno commented 3 years ago

I'll comment on this bug rather than the previous, to avoid triggering another pile-up. :)

Your users might need to refresh previously visited pages. My repro-case was:

  1. visit https://www.paypal.com
  2. go to the login page

Result: the badge is still there. I've just updated to 2.3.1, by going to about:addons, and PayPal's login form still shows the badge.

Expected result: no badge

Fix: I hit Ctrl-R, and the badge disappeared and didn't come back. I verified this with another repro-case that I had on another website, which I knew wasn't cacheable so it didn't display this secondary problem after updating to 2.3.1.

maxxcrawford commented 3 years ago

@lbruno – I'm testing this locally on a fresh install, and I'm not seeing the badge [1]. I can confirm there aren't any resources being blocked by FBC on paypal.com, so I agree – you shouldn't see any sort of badge on the email login field.

URL-wise, when I click the login button, I am directed to the US version of the login page: https://www.paypal.com/us/signin. Is that the same URL you're checking against?

However – if I click the "Sign Up" hero button, I'm directed to a new URL: https://www.paypal.com/us/welcome/flow/signup. That site does include blocked resources, so I do see the badge on that form (as expected) [2].

Screenshots

[1] Sign in page: (https://www.paypal.com/us/signin)


[2] "Sign Up" Hero: (https://www.paypal.com/us/welcome/flow/signup)

lbruno commented 3 years ago

Apologies for not being clear: this is NOT ongoing, and I only saw this once, on the same page I had previously visited to check this out -- specifically, I had to refresh the cached page, then it never showed the badge again.

In my particular case it was the Ireland version (paypal.com/ie), but I don't think that's causing the issue here.

Like, the caching of the page is the source of the issue: a fresh install most definitely won't show the badge, yes :) My point was that you should communicate a bit more proactively about the possible need to refresh -- problem is, I don't know if there's an appropriate channel for that proactive communication, other than the release notes themselves.

Make it a note for the future -- I myself got surprised by the caching aspect, post-update of the extension.