Please remove warning message when not applicable #783
Comments
|
Hi, See screenshot The page is simple HTML code |
|
This also came up on Mozilla Support today: https://support.mozilla.org/questions/1345601 |
|
Here we have it giving a big scary warning about Mozilla bugzilla. This behaviour is reprehensible, please remove it. It's commandeering screen space on third party websites to advertise a commercial Mozilla service. What is this, AOL? |
|
Hi, I just encountered this issue as well.
Relevant site: https://app.revolt.chat Edit: I just noticed it on the Microsoft publishing website too, it's not even attached to an input, it's just there in the corner.
Website is https://partner.microsoft.com but you have to be logged in. |
|
I didn't notice this until revising my e-mail sign-up form, but it's unacceptable. It sent me off on a time-wasting research project to figure out what the (in my case) Mailchimp-Facebook connection was or, failing that, what was getting injected into my blog to refer to Facebook. And here's the kicker: This "Relay" thing could also share e-mail addresses with Facebook, for all I know! So why is an organization that I support spreading fear like this? Why are Mozilla sign-up forms magically exempt from this fear? I use and recommend Firefox. I use and recommend Facebook Container and Multi-Account Containers. If Mozilla would rather I use and recommend Chrome, I'd rather not, but the option is there... Oh, and for everyone else, I visited Mozilla.org's front page and snagged the CSS |
|
This is a +1 from me - I don't have any third-party code on this website, and the privacy policy is really clear that no I don't give any data to Facebook. Why is this warning message erroneously claiming that I am?
The only effect of this is to desensitize people - since it will appear every time someone asks for an email? It's a crazy decision, and is bad for my business and the open, responsible web. Please reconsider. |
|
+1 to the comments above. Our website votesup.eu does not pass on data to any other server and we put a lot of effort into it to offer a very privacy-sensitive platform to NGOs in general. But now suddenly this irritating and misleading message pops up when having the add-on installed. |
Just as a small correction - the add-on is installed by default. So every user, unless they turn it off, will see this denigratory message. Very poor form. |
|
Minimal testcase: save the following in a local Result:
|
Facebook Container is not one of the built-in "Feature" extensions, but it is listed has having 1.58 million users so that is more than enough to generate some concerned messages or discourage some users. I think some sites may choose to fall back to the older style of form input: MODERN (triggers icon):
TRADITIONAL (does not trigger icon):
|
|
To add to the post above, I managed to circumvent it by just pretending it already has a badge. <input type="email" class="fbc-has-badge">
<input type="email">
<input type="email">I'm not sure if this has any flaws to it however.
|
|
+1 This is horrible. Yesterday I was baffled as to how the login form on Google could have anything to do with Facebook, and then just now I saw the same thing on a form on code I wrote! I know my code has no connection to Facebook, so I did a search and ended up here. Please fix this. |
The Firefox Relay add-on/plugin uses Amazon Simple Email Service, I copied the below from the privacy page. |
|
Thanks for the reassurance, but of course that's not the point - we shouldn't have to use a relay to hide our email address on the 99% of forms that have nothing to do with Facebook. |
Totally agree. My point was that having this service provided by Amazon (SES) was just as concerning to me as "supposedly" Facebook tracking email addresses. Personally, I think it's about the Firefox / Facebook Container plugin "advertising" the Relay service. |
|
We are having the same issue I expect this to NOT be shown since we do not share any data with Facebook. The only contact point with Facebook we have is if the user uses it as a social-login (which would be one-directional from Facebook to us to get basic account data) - but we never send any user-data to Facebook of any kind or enable Facebook to track the user. We dont load any scripts from Facebook or similar. |
|
+1 on this. We have a corporate web application developed by ourself used internally with no link to Facebook whatsoever and now all users with Firefox see this warning on the login form and their profile page. This honestly looks like forced advertising for some service. |
I agree, I have removed all Facebook URL's from my website and the warning icon has now gone from the email boxes. |
|
This functionality is based on an assumption of "guilty-until proven innocent", without a way to prove innocence. I think it's counter-productive for users, as it dilutes the message (oh, this is not a real warning, it doesn't really mean you're being tracked). It also punishes services which actually protect users privacy by setting the warning on them anyway. I think it's a forced advertising that is actually hurtful. Please undo this change. |
|
Hey all — we're working on this now. The email field warning prompt should only appear on sites that have had Facebook resources blocked. Thanks to @lmjst for filing this issue. |
Fix #783 - Scope email tracking prompts only to sites where Facebook has been blocked
|
Submitted the new version to AMO for review. |
|
This is inappropriate. We don't integrate with Facebook in any way, and yet we're marked as doing so. Please remove this spammy feature. Edit: Just read the latest update. Thank you for a prompt resolution. |
|
Don't use my website as a place to advertise your service. This is absolutely unacceptable.
|
|
One of our staff first noticed this on an e-commerce form and I was concerned the site might have been hacked with some sort of invisible script injection to steal card numbers (and talk to Facebook, almost as bad). Glad to see the fix is in the works... 15 minutes of semi-panic was sufficient :-) |
|
New version has been released on AMO. If you'd like to trigger the update manually, go to
|
|
I don't think this is truly fixed. I am still seeing it on web sites where the FB scripts are blocked by uBlock, etc... So FB can't really track me but I still get this scary warning. Sure the page tried but they can't so why am I still seeing this warning? The fix should be better adapted to script blocking. |
|
I thought it was gone, but I'm still seeing it now and then in isolated instances. My current example is a form on a Wordpress website I'm helping design (which has nothing to do with Facebook) - if I'm logged into Wordpress when viewing the site, I get the warning icon, but if I'm not (i.e. seeing it as the public would) I don't. I have no idea why. |
|
@OsakaWebbie Can you confirm there are no Facebook scripts being loaded in (via Network tab, etc)? The PR that fixes this only fires when a script from our block list is loaded into a site loaded outside of the Facebook Container. |
This is an interesting point. The Facebook Container extension is still detecting the resource request from Facebook, triggering the prompt(s) to show, regardless if another add-on is also blocking resources. I'll file this as a separate bug to look into. |
Two are requested but not loaded. Here is a snippet from the Network tab - the only requests with the word "facebook" are both blocked:
FYI, I misspoke before - I have now discovered that the presence/absence of the warning icon in the site I'm talking about is not whether I'm logged in, but whether I'm looking at a single post or an archive. So you also can see it and use it for testing - go to https://deafministriesinternational.com and click on any title/photo to view a single blog post. The form is in the sidebar. The cause of the attempted requests is almost certainly the FB button under "Share this:" at the bottom of the post content. |
|
Is there any further action on this? Perhaps I'm naive, but it seems to me that having a "Share this" link in one spot on a page is not related to a simple form somewhere else on a page, which was built by a completely different plugin or part of Wordpress with no reference to Facebook. Can Facebook really track any activity on such a page? (If so, then "Share" links should be banned!) Or is the code that generates the warning too simple, just finding anything with a facebook domain name and declaring the whole page tainted? |
With new version 2.3.0 :
"Email fields will now show a prompt, alerting users about how Facebook can track users by their email address. Note that there is a checkbox you can click when dismissing this prompt to no longer see this badge on email input fields"
Why ruin user experience even if he/she is not connected to Facebook (and even has not visited FB during the session) and no Facebook widget or other FB interaction is used on the visited website nor on the user terminal ???
This is terrible. The icon "img/fence-large.svg)" and message below should not appear :
"Facebook Container
Allow Facebook to track you here? This site can share your email address with Facebook, which allows Facebook to track you. Use a service like Firefox Relay to hide your real email address."
Thanks
PS the message is not even translated in the user browser language
The text was updated successfully, but these errors were encountered: