Using Permissions to Establish Trust

TrustI used to work in an industry where being ISO 9001 certified was necessary in order to remain competitive. If you are unfamiliar with ISO 9001, it is a set of standards that requires a business to document each process, and then follow those documented processes. And every autumn, sure as the leaves falling from the trees, an independent auditor would show up to verify we were indeed documenting and following our processes. It’s like a tax audit you impose on yourself (and about as unpleasant).

The idea behind ISO 9001, though, is that a certified business can be trusted, both in its business dealings and its delivered products. It is meant to convey a sense of quality and security to customers.

Firefox (thankfully) is not subject to ISO standards, but we still ask users to trust us. This is especially true for extensions. How do we communicate that a user should trust an extension when, conceivably, it has access to every site the user visits and can see each byte of data the user sends and receives.

A primary way Firefox builds trust with users is by showing them what an extension is capable of doing via permissions.  During installation, the user is presented with a list of permissions that the extension has requested, and that list must be explicitly confirmed before installation proceeds. As developers we can take advantage of this opportunity to connect with our users. Fully explaining the permissions we need (on the landing page, in the listing, and/or in the extension itself) and why we need them creates trust in our extension and faith in Firefox.

Chrome has had this type of permission system for some time, and most people are used to seeing this on their mobile phones where, for years, applications have asked for permissions when installed.  Long time Firefox users, however, may not be used to seeing this prompt, as it is relatively new, introduced with the WebExtensions API. Therefore, as developers, we should only ask for the permissions our extension absolutely needs, demonstrating respect for user privacy and reinforcing the trust bond with our users.

Mozilla provides material on this blog and on our support site to help users better understand what is happening with permissions. For developers, this article on MDN goes into more detail on ways to request and use appropriate permissions.  Following that advice can help gain and maintain trust in extensions, without the pain of an ISO 9001 audit.


5 responses

Post a comment

  1. Anon wrote on :

    “Using permissions to build trust”

    And yet you didn’t trust the users or the add-on developers enough to let them use your browser like they want or need to. So how’s the api coming for new toolbars, tiling tabs next to each other, recreating Lazarus, or the other slew of features lost to the woodchipper that is web extentions?


    1. kjemmo wrote on :

      Toolbar API is still not scheduled.

      It is a disaster that it is not done yet and even more that no target version is set. As developers we still do not know if it will take months or years or if it will ever be implemented.

      Please make some noise for the toolbar API and vote for it here:


    2. Chuck Baker wrote on :

      It should be possible to recreate Lazarus now. I’ve done it for Chrome (Text Input Recovery Extension, or ‘TIRE’ –

      I plan to eventually port it to Fx in the future, but to be honest, WebExtensions is so primitive compared to XUL/XPCOM that it is a slow, cumbersome process to develop anything. At least for me.


  2. Ben Basson wrote on :

    The problem with most permission models (e.g. Android) is that the permissions are vague and broad. Often, if you want to do a relatively minor thing, you have to ask for fairly substantive permissions that users might baulk at.

    I don’t think “fully explaining the permissions we need (on the landing page, in the listing, and/or in the extension itself)” is really a good answer to this problem. It adds a significant amount of overhead for the end-user to understand if a permission is safe to grant.

    A further problem is that once a permission is granted, that grant is presumably permanent, and an initially minor use-case (that an end-user might begrudgingly allow) could be silently expanded into something more serious.

    I’m not suggesting that permissions systems are inherently bad, but are there any plans from the WebExt team to take feedback on these problems and iterate the permissions model? If not, it seems like there’ll be yet another broken permissions ecosystem where end-users have to blindly accept everything to get minimal functionality.


  3. ff wrote on :

    “ISO 9001 it is a set of standards that requires a business to document each process, and then follow those documented processes. ”

    … typically getting you nowhere, which was proven time and again.


Post Your Comment