Firefox to hide notification popups by default starting next year

[steven36]

In a move to fight spam and improve the health of the web, Mozilla will hide notification popups -- a feature nobody asked for.

 

 

In a move to fight spam and improve the health of the web, Firefox will hide those annoying notification popups by default starting next year, with the release of Firefox 72, in January 2020, ZDNet has learned from a Mozilla engineer.

 

The move comes after Mozilla ran an experiment back in April this year to see how users interacted with notifications, and also looked at different ways of blocking notifications from being too intrusive.

 

Usage stats showed that the vast majority (97%) of Firefox users dismissed notifications, or chose to block a website from showing notifications at all.

 

As a result, Mozilla engineers have decided to hide the notification popup that drops down from Firefox's URL bar, starting with Firefox 72.

 

If a website shows a notification, the popup will be hidden by default, and an icon added to the URL bar instead. Firefox will then animate the icon using a wiggle effect to let the user know there's a notification subscription popup available, but the popup won't be displayed until the user clicks the icon. We've recorded a GIF of this new routine, here.

 

Firefox Nightly versions already come with this notification popup blocker active, but the stable Firefox branch is scheduled to get it next January.

The Notification API, and how it all went south

Notification popups were added to modern browsers in Chrome 22 (September 2012) and Firefox 22 (June 2013), with the addition of the Notifications API.

 

 

Their initial purpose was to allow websites to display notifications, and alert users of new content, after users closed a website's tab.

 

For example, you subscribed to Slack notifications, have a conversation, and close the Slack browser tab. The Notifications API allowed websites to show a popup when you received a new message, or there was new content available in your (now-closed) Slack tab.

 

News sites, such as ZDNet, also use notifications to alert users when new articles are out. Social networks and instant messaging clients use it to show alerts for trending topics or new messages.

 

The feature has its use cases, and can be extremely useful, but only when used by legitimate organizations.

 

Fraudsters and spammers love notifications

But over the past few years, unscrupulous groups have realized that the Notifications API provides an ideal method of pushing spam to users, even after users left the malicious site.

 

 

Cybercrime groups have been luring users on random sites, and showing notification popups. If users accidentally clicked on the wrong button and subscribed to one of these shady sites, then they'd be pestered with all sorts of nasty popups.

 

Malicious threat actors have been seen using notifications (also known as subscription spam) to push links to shady products, links to malware downloads, or run-of-the-mill pill or Viagra spam [1, 2].

 

"Notification spam is quite common, especially via certain types of publishers and malvertising in general," Jérôme Segura, malware analyst at Malwarebytes, told ZDNet in an interview today.

 

"Since most browsers can block ad popups or popunders, push notifications have been greatly abused," Segura added. "In fact, I even question the merits of such a 'feature' in the first place or at least some serious oversight in how it could be implemented.

 

"Years ago, people would come to you about annoying ad notifications popping up on their machine, and that was usually due to adware programs [installed locally]. But these days, I would say this has been largely replaced by notification spam, which is very easy to fall for with some basic social engineering," he added.

 

"In comparison to cleaning up an infected machine, it's actually much easier to remove already allowed notifications, but most people just don't know how," Segura said.

 

And browser makers, too, have realized that the feature can be quite annoying, and downright dangerous. In recent years, most browsers have added settings to block websites from showing notifications.

 

However, Mozilla is the first browser vendor to block notification popups by default.

 

"I think Mozilla's decision is good for the health of the web," Segura told ZDNet.

 

You can unsubscribe from receiving notifications from sites via any browser's settings section. Most browsers support a search feature in the settings section. Users can use it to search for the "notifications" options and block or unsubscribe from the shady sites.

 

 

Source

[zanderthunder]

Firefox is taking steps to stop browser notification spam from next year

 

Soon you’ll need to interact to see the notification requests

 

 

 

Mozilla is changing how Firefox handles notification requests to try and cut down on annoying pop-ups, the organization has announced. Starting with Firefox version 72, due for release in January, requests to display desktop notifications will come in the form of a small icon in Firefox’s URL bar, and users will need to click this to actually see the notification request. Currently, just visiting many sites is enough to cause them to show a relatively large notification prompt.

 

In its blog post, Mozilla said that it took the decision after its research showed just how unpopular notifications are with users. Despite ostensibly being a convenient way for sites to share updates with users after they’ve closed the tab, around 99 percent of notification prompts aren’t accepted by users, and 48 percent are actively denied. It also found that repeatedly asking users to show notifications rarely gets them to change their mind.

 

Browser notifications aren’t just annoying, in many cases they can be used by malicious sites to trick users into downloading malware, or serve dodgy web ads, according to ZDNet. One malware analyst said that notification spam has “largely replaced” adware as a major source of user complaints.

 

Although Firefox’s biggest changes aren’t due to arrive until January, the browser has already made a small change to how it handles notification in version 70. Now, when you visit a new site that wants to show notifications, Firefox has replaced the “Not Now” option with a “Never Allow” option, so you won’t repeatedly be asked to display notifications by the same site.

 

Mozilla is the first browser to officially announce plans to block notification requests by default, but Google is experimenting with a similar feature for the Chrome browser, which makes notification prompts less invasive. If you want to turn off notification requests entirely, then you can find our guide on how to do that right here.

 

Source: Firefox is taking steps to stop browser notification spam from next year (via Neowin)