I've not received my own updates for weeks a few times because I haven't noticed the warning, and about a third of our users are on ancient versions presumably because of it .
I think the real solution to this problem is GDPR: massive fines if you abuse your users' trust (and get caught).
I'm not keen on the literal dark pattern that Firefox uses to dissuade developers from requiring new permissions.
If url, div, cookies and any other info are collected, what are they?
What server connections are made by the extension, IP, Name, contents of info transmitted?
All the GUI, collection system should be in place as part of JS dev/debug tools already. Just customized it a bit so any tech savvy users can check the audit logs and enable more logging for a plugin if needed.
If an user spots something not right, it is also easy to out the "plugin/extension" on a public forum.
> Chrome prompts the user if adding the permissions results in different warning messages than the user has already seen and accepted.
If you want more permissions, then ask for more permissions.
And don't be surprised when people say NO.
Not everyone wants to grant the permissions to your update even if the update fixes bugs in older versions. Not everyone will want your new feature in the first place. Denying permissions is an easy way to eliminate the risk of having to go through and figure out whether or not the new feature is trustworthy.
And if you're not adding a new feature, then why do you need more permissions?
I agree with you. As another reply to you states, however, Firefox doesn't currently let me ask. You have to kind of go hunting for it.
> And if you're not adding a new feature, then why do you need more permissions?
Firefox does not let me explain why the permissions are needed. It would be nice if we could have a little blurb where we can state our case next to each permission.
Our current approach is to explain likely upcoming permissions requests in advance and ask our users to stay vigilant for the appearance of the tiny yellow exclamation mark, but that's not very helpful to the third of users stuck on old verions before we learnt that trick.
> And don't be surprised when people say NO.
I think very few of these users have said no on purpose. We ask for (and use) almost everything , so any marginal new permissions are unlikely to give us much more power. The current permission model actually makes it tempting to just literally ask for everything because we might want it for a new feature in the future.
The optional permissions are not fine-grained enough to be useful (you can accept all optional permissions, or none) and not available for enough permissions, otherwise we would use them.
Also, the first versions of our software were really slow and bad. I really doubt many people are staying there on purpose. (If there are any Tridactyl users in this thread using an old version on purpose, I'd like to hear from you :) ).
How much more time can I reasonably be expected to donate? Just trying to find duplicates on the BMO could take ages.
Complaining into the void on the internet takes much less time and makes me feel better :)
A better approach would be to allow extension upgrades, irrespective of permissions. If a user chooses to deny permissions the extension should still work on the latest version.