[cortesoft]

I think you are going a bit too far with your requirement for a popup banner every time you use it. Do you expect a popup banner every time you click a link on a web page taking you to a third party website, because they are going to be able to run javascript code on your computer?

As long as the plugin is clear that they are using a third party service that will recieve your images, I think it is fine to leave it at that. Not everyone feels that is a deal breaker, and they shouldn't be annoyed by a pop up just because their deal breaker is different than yours.

[angry_octet]

In reply to you first question, no, because it is my computer, it runs with same origin policy in the sandbox. And I've chosen to enable js for that site. So it couldn't do what this extension does, which is cross site data transfer.

If the end user clicks the 'do not show again' checkbox on the message, sure. But it should still be graphically represented whenever you use an insecure cloud plugin, e.g. via an unlocked padlock sub icon if it doesn't use TLS, maybe a cloud sub-icon to represent someone else's computer.

[jasonkostempski]

A link shouldnt get a pop up but, if running JavaScript had required at least a one-time user approval for each individual script link from the day off it's inception, the web would be a much friendlier place.

[cortesoft]

Do you really think so? I think in practice, if every website you visited made you click 10-50 pop ups the first time you went to the site, people would start to blindly click without reading, and it would be even easier to slip a malicious pop up request by a user.

While you might want to believe that a user would actually think about what they are accepting, reality is almost all don't. Even the more security minded people among us will start to get numb to the requests. Only the most paranoid would pay attention to all of them, and those people are probably already doing things that would make that sort of pop up redundant.

I think this is a very common trap we fall into, where we want to provide MORE warnings to people and let them use their judgement. However, there is such a thing as 'alert fatigue'.

In California, companies that produce carcinogens took advantage of this aspect of human nature; when California wanted to place warning signs about cancer causing substances, they realized they couldn't win the fight against the warnings. Instead, they fought for MORE warnings; they wanted warning signs for even very slight risk carcinogens. They knew that if the signs were EVERYWHERE, people would stop paying attention to them.

It worked. Basically every building in California has a warning that 'substances known to cause cancer or birth defects are present'. Since every building has the same warning, I have no way of knowing which ones are ACTUALLY dangerous.

[jasonkostempski]

No, I don't expect most users would care. Most users wouldn't care if sites could execute native code as root on their machine. I think, if there was a prompt, content providers that cared, even a little bit, about presentation would think real hard before introduction that prompt. The way it works now, providers very rarely think twice about adding it. And I think ad networks, trackers and all the other useless, JS based, user hostile tools of the web, would have a much harder time convincing site owners to drop in a snippet of JS when there were actual consequences for doing so.

However, I don't believe for a second, without some kind of law, punishable by death, a requirement like that would have lasted. It would take only one browser to default "Never prompt for permissions to run JavaScript". Typical users would flock to it (because sites would say they only work with it) and compliant browsers would have to copy to compete. Users ruin everything.

[cortesoft]

If human nature doesn't allow a solution to be viable, it is useless to blame human nature. You need a different solution.

[jasonkostempski]

An argument against building A.I. because the simplest solution to that is to eliminate humans from the equation.