{"id":1050,"date":"2010-06-08T16:17:27","date_gmt":"2010-06-09T00:17:27","guid":{"rendered":"http:\/\/blog.mozilla.org\/webdev\/?p=1050"},"modified":"2010-06-08T19:28:02","modified_gmt":"2010-06-09T03:28:02","slug":"firefox-blocklisting-the-quest-for-safe-and-happy","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/webdev\/2010\/06\/08\/firefox-blocklisting-the-quest-for-safe-and-happy\/","title":{"rendered":"Firefox Blocklisting: the quest for Safe and Happy"},"content":{"rendered":"

\"\"<\/a><\/a>Firefox has a blocklist service<\/a> that protects users from malicious or faulty plugins and extensions. We’ve used this sparingly in the past but due to the success and popularity of Firefox<\/a> we’ve seen more and more activity on the blocklist<\/a> than ever before.<\/p>\n

Why Blocklisting is Hard<\/h3>\n

The most difficult part of the blocklist service has been deciding when to actually use it. Our policy<\/a> outlines some general guidelines, but it’s not so simple when millions of users are involved because you also have to consider how you could potentially affect user experience. We have to weigh security and stability with user happiness.<\/p>\n

\"\"<\/a><\/p>\n

In the past, being proactive with the service has been tough. Take, for example, the time we blocklisted a plugin and add-on as requested by Microsoft<\/a>. Another example would be the blocking of a relatively hidden Java plugin<\/a> or ancient versions of QuickTime<\/a>.<\/p>\n

In most cases we prevented an expected user interaction from being used. Whether it’s Flash on YouTube, QuickTime for movie previews or Java for applets — when users can’t do what they want to do, it’s a really negative experience. We don’t want to prevent users from doing what they want to do on the web. On the other hand, we don’t want users to be vulnerable to exploits caused by outdated plugins.<\/p>\n

So while we were upset to know that what we did ruined the browsing experience for some people, we also knew that what we were trying to do was right and helped considerably more people than it hurt. I am proud of this — at least the idea that we are willing to do something unpopular because it’s the right thing to do. I do believe, however, that we can manage to keep users safe and happy simultaneously.<\/p>\n

Keep people safe and happy<\/strong>? What a wonderful challenge.<\/p>\n

\"\"<\/a><\/p>\n

Things We’ve Learned<\/h3>\n

Working on the blocklist, we’ve learned:<\/p>\n