Firefox to run experiment to reduce push notification permission spam

CNE

Best Phones for 2019

Our editors hand-picked these products based on our tests and reviews.

Read now

Mozilla intends to run two experiments over the course of this month, April 2019, to determine the most adequate way of dealing with push notification spam, a growing problem that is slowly deteriorating the web experience for everyone.

The experiments will run in Firefox Nightly (v68) and Firefox Beta (v67).

The purpose of the Firefox Nightly experiment is to test new mechanisms of showing notification prompts, while the Firefox Beta experiment will only focus on collecting data on how users interact with the current push notification permission prompts.

Also: Online security 101: Tips for protecting your privacy

Firefox Nightly experiment

The Firefox Nightly experiment will run from April 1 to April 29. During this time, Mozilla said Firefox Nightly would only allow websites to show a push notification permission only after the user has clicked or pressed a key while on a website.

All attempts to show a push notification permission request before a click or key press will be blocked by default. The way Firefox will block this event will also be different.

In the first two weeks of this experiment, Firefox will not show any user-facing notifications when the restriction is applied to a website.

In the last two weeks of the experiment, Firefox will show an icon in the URL bar, but with no visible popup on the page. Users can click this icon and accept any push notification permission requests if they wish so.

The goal of this experiment is to identify which method works best for users and websites alike.

Firefox Beta experiment

The second experiment, the one carried out with Firefox 67 users, isn't actually an experiment, but a market study.

Mozilla devs plan to collect info on the context in which users interact with push notification prompts --such as the time users have been on a site before they first interacted with a push notification permission request, and the number of permissions they've rejected before.

"At Mozilla, this sort of data collection on a release channel is an exception to the rule, and requires strict data review," said Firefox Desktop Engineer Johann Hofmann. "The experiment will run for a limited time, with a small percentage of our release user population."

Push notification permission request hell

The reasons why Mozilla is engaging in these experiments shouldn't be a mystery for most internet users. It seems that most websites these days show a push notification permission request.

News sites, such as ZDNet, use push notifications to alert users when new articles are out. Social networks and instant messaging clients use it to show alerts for trending topics or new messages.

The feature has its legitimate use cases; however, over the past few years, cyber-criminals groups who have realized that push notifications provide an ideal method of pushing spam to users.

The number of websites that show a push notification permission request has now expanded far beyond the scope of news sites, social networks, and IM clients, and now almost every site tries to show a push notification permission requests, most for no real reason or added functionality.

Both Google and Mozilla have realized the can of worms they unleashed on the web after they added support for the Notifications API to their browsers, and have added settings in both Chrome and Firefox to block websites from showing push notification popups during subsequent visits.

However, these settings don't stop new websites from bombarding users and sometimes blocking access to sites altogether, until users deal with a push notification permission request.

It's this problem that Mozilla is trying to fix --namely, to stop never-before-visited sites from spamming users.

In a blog post announcing the experiments today, Mozilla did use the word "spam" to refer to the current state of push notifications.

"According to our telemetry data, the notifications prompt is by far the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta in the month from Dec 25 2018 to Jan 24 2019," Mozilla said.

"Not even 3% of these prompts got accepted by users. Most prompts are dismissed, while almost 19% of prompts caused users to leave the site immediately after being confronted with them," the organization added. "This is in stark contrast to the camera/microphone prompt, which has an acceptance rate of about 85%!"

While there's no clear path on how Mozilla plans to address this problem in future Firefox releases, the experiments that Mozilla is currently carrying out are the first step for addressing this problem by first gathering more precise data on how users react to these notifications, and what would be the best way to address this issue.

All the Chromium-based browsers

More browser coverage:

• Chrome and Firefox are borrowing from each other's performance features
  
• Microsoft releases Application Guard extension for Chrome and Firefox
  
• First image surfaces of Google Chrome's upcoming Tab Groups feature
• Google Chrome to block automatic downloads initiated from ad slot iframes
• Google announces Chrome Lite Pages, a way to speed up HTTPS sites
  
• Google fixes Chrome 'evil cursor' bug abused by tech support scam sites
• What enterprises need to know about the new Chromium-based Edge TechRepublic
• Google's most secure login system now works on Firefox and Edge, too CNET