
I once asked a Mozilla developer why does Firefox display "Adobe Flash plugin blocked on this page" notification when the page apparently doesn't use Flash at all and choosing either option (allow/block) doesn't impede its functionality or change the appearance whatsoever.

The developer replied there are Flash cookies being set and it's possible an attack could come through them. When I asked if he knows about any such case happening, the answer was no. Then what is the purpose of bothering the user about an attack vector if the attack is merely theoretical?

My conclusion was that software products normally stimulate adoption by offering useful features but Firefox deviated from this attitude and adopted what I call "avoidance of annoyance" – the user has to upgrade to the latest version to avoid being annoyed by incessant popups and notifications that can only be delayed but never permanently removed.

The irony is that updating to the latest version of Firefox will get rid of the previous generation of notifications while bringing a new cycle, thus ensuring users are constantly kept in a state of anguish and frustration that will keep them updating for the sake of updating.



> When I asked if he knows about any such case happening, the answer was no. Then what is the purpose of bothering the user about an attack vector if the attack is merely theoretical?

I'm not OK with the philosophy of "let's not fix any security holes until we find someone actively exploiting them".


You are using quotation marks as though I said those words.

quote (kwəut) verb 1. to repeat the exact words of a person as they were said or written.

My point was about not giving the user enough information to make an informed decision yet demanding a decision anyway.


It's still not clear to me. Are you suggesting that users not be notified of a potential yet not verified security hole or not?


In short, I would like to see Firefox empower and inform its users.

The current implementation of the Adobe Flash plugin warning does neither, and by the looks of it, add-on permissions mentioned in the OP will be the same.


https://en.wikipedia.org/wiki/Use%E2%80%93mention_distinctio... suggests that quotation marks are valid here (which is clearly the most important aspect of this dispute)


I'd cede the point if the topic was abstract philosophy or my comment was intentionally vague, but neither of those are true.

What I said and what pcwalton argued against have nothing in common, except two out of 13 words: "any" and "them", which means pcwalton simply made up 84.62% of that statement. Why? It makes for a handy strawman so he can appear intellectually superior.


> what is the purpose of bothering the user about an attack vector if the attack is merely theoretical?

It helps keep the attack theoretical.


In what way?



