Pixel Envy

Written by Nick Heer.

Firefox Nightlies Begin Requiring User Action to Trigger Push Notification Requests

Johann Hofmann of Mozilla:

Permission prompts are a common sight on the web today. They allow websites to prompt for access to powerful features when needed, giving users granular and contextual choice about what to allow. The permission model has allowed browsers to ship features that would have presented risks to privacy and security otherwise.

However, over the last few years the ecosystem has seen a rise in unsolicited, out-of-context permission prompts being put in front of users, particularly ones that ask for permission to send push notifications.


According to our telemetry data, the notifications prompt is by far the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta in the month from Dec 25 2018 to Jan 24 2019. Not even 3% of these prompts got accepted by users. Most prompts are dismissed, while almost 19% of prompts caused users to leave the site immediately after being confronted with them. This is in stark contrast to the camera/microphone prompt, which has an acceptance rate of about 85%!

This is a great move, and I hope all browsers copy Mozilla’s initiative. This will not, however, block those irritating One Signal prompts; for that, you’ll want to block onesignal.com and cdn.onesignal.com in your favourite ad or script blocker.

All software ought to more carefully consider the ways a new feature can be exploited, but web browsers should be especially vigilant due to the open nature of the web. It’s frustrating how jackass marketers and “growth” teams can’t resist abusing a feature as simple as allowing users to get notified when they have a new message.