Bad security advice in Firefox Add-On store

[claudiodangelis]

On the Github Selfie page [1] of the Firefox Add-On store, the description says:

IMPORTANT NOTE

Firefox will constantly ask you to use your webcam by default.
To let it always use your webcam, do the following:

1. Type "about:config" in your address bar and hit Enter.
2. Search for "media.navigator.permission.disabled"
3. Set it to True.

There is no need to say that letting a web browser always use a webcam without asking for user's permission is just a security hazard that should never be advised unless for development purposes. If possible, please remove that note.

[1] https://addons.mozilla.org/en-US/firefox/addon/github-selfies/

Claudio

[thieman]

This note has been removed.

FWIW, this was originally added after I got feedback from early Firefox users that the constant pestering about allowing the webcam made them less likely to want to use the extension. Chrome only asked you once for a given website and then remembered your preference, which was much friendlier. The note was added to allow Firefox users to have a better experience.

No idea if you're in a position where you can communicate that to the Firefox devs (or if that is even how Firefox still behaves), just thought I'd mention it. Thanks for the issue. :smile:

[claudiodangelis]

Hello @thieman, thank you for addressing this. I'm not a Firefox user, but I did a quick test and I found out that this permission is (now?) site-specifc. What I did:

1) Go to https://test.webrtc.org/ 2) Allow access to cam/mic 3) Close https://test.webrtc.org/ 4) Go to https://opentokrtc.com/testroom 5) Do not allow access to cam/mic 6) Go back to https://test.webrtc.org/ 7) Permission to cam/mic already granted 8) Go back to https://opentokrtc.com/testroom 9) Permission to cam/mic not automatically granted

Claudio

[thieman]

Awesome, looks like it was fixed about a year ago: https://bugzilla.mozilla.org/show_bug.cgi?id=804611