ment surface is when the permission prompt is showing
(Figure 12a);
• Confirmation chips (”Allowed/Not allowed”), to further
strengthen where a decision can be reversed after making
a decision (Figure 12b and 12c); and
• Indicator chips, showing when a granted capability is
actively used by the site and hinting at where it can be
turned off.
All these chips show in the same location in the address
bar. Clicking on any chip at any time will bring up the site
controls surface, which always has permission controls. The
request and confirmation chips rolled out in Chrome versions
M111 and M109, respectively, while indicator chips were still
forthcoming at the time of writing.
While using chips consistently should strengthen discov-
erability of where to take action, we also plan to change the
string in the quieted prompt chip from “Notifications blocked”
to “Use notifications?”, reusing the text of the request chip.
While the initial idea with this string choice was to reassure
users that Chrome has prevented a site from interrupting them,
phrasing this as a question will help to communicate that users
can still make a choice. This should provide a heightened
sense of actionability and therefore reduce the perceived lack
of control. The absence of the prompt itself as well as the text
in the popup after clicking on the chip should be sufficient
to provide contextual clues about what is happening. Beyond
this, we can also consider educational interventions to explain
prompt quieting outside of the product.
D. Reduce false positives on sites following best practices
Websites that follow UX best practices when requesting
permissions use web capabilities for their intended purpose
and provide a clear user benefit from accessing the permission-
gated capability. Telemetry data computed on a small sample
of 15 popular websites (productivity, news and social media)
indicates that users tend to behave differently: even those who
frequently deny permissions on other sites are more likely to
grant access on these sites. Examples of such sites include
messaging sites requesting the notification permission.
Currently, WPP determines which permission prompts to
quiet only based on the user’s past actions on prompts of the
same permission type and on the current browsing context.
Hence, as permissions are only granted occasionally, per-user
signals carry a lot of weight, often ignoring the fact that
some sites may have more popular and helpful use cases for a
given permission, resulting in undesired quieting of prompts.
We suspect such false positives might also be one of the
factors contributing to lower helpfulness ratings and reasons
for feeling uneasy reported in the in-context survey.
To further improve the ML accuracy and reduce false posi-
tives, WPP could also consider additional features, such as site-
related aggregated statistics (e.g., grant/deny/dismiss/ignore
rates for a given website) as well as other crawler-based
signals.
IX. CONCLUSION AND NEXT STEPS
In this paper, we presented an evaluation of an improved
intervention to quiet permission prompts on users’ behalf in the
wild. Using telemetry, we find that Chrome can now intervene
on a substantially larger number of permission prompts, while
keeping false positive rates low. This reduces interruptions and
prompt blindness even further. In-product survey respondents
mostly rate the intervention as helpful without causing sub-
stantial feelings of unease. Our results further suggest some
room for improvement: the remaining false positives in our
evaluation are frequently driven by popular sites, the ability to
override Chrome’s intervention is not easy enough to discover,
and some respondents indicated a lack of perceived control.
We are currently evaluating options to address the short-
comings, as discussed in the previous section. The team will
consider a new version of the WPP with improved signals,
which could help to reduce false positives that seem to affect
some of the sampled sites that follow best practices. Chrome
also is in the process of rolling out a consistent chip-based
UI along permission prompts to reinforce where permissions
can be managed. Additionally, we are planning to change the
text in the quiet prompt UI, to more directly invite users to
override and thus provide a heightened sense of control.
ACKNOWLEDGMENTS
We would like to thank Florian Jacky for his help with
fielding the in-context surveys. We are also grateful for Tiff
Perumpail, Sabine Borsay, Ceenu George, Mike West, Alisha
Alleyne, Nina Taft, Caitlin Sadowski and Adriana Porter Felt
as well as the anonymous reviewers helping us to improve the
manuscript.
REFERENCES
[1] Alessandro Acquisti, Idris Adjerid, Laura Brandimarte, Lorrie Faith
Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh,
Florian Schaub, Yang Wang, and Shomir Wilson. Nudges (and deceptive
patterns) for privacy: Six years later. In The Routledge Handbook of
Privacy and Social Media, pages 257–269. 2023.
[2] Alistair Dabbs. Enough with the notifications! Focus assist will shut
them u... ‘But I’m too important!’. https://www.theregister.com/2022/
08/05/something for the weekend/, 2022. Last accessed: 2023-06-28.
[3] Pieter Arntz. Browser push notifications: a feature asking to be abused,
2019. https://blog.malwarebytes.com/security-world/technology/2019/
01/browser-push-notifications-feature-asking-abused/.
[4] Igor Bilogrevic, Balazs Engedy, Judson L. Porter III, Nina Taft,
Kamila Hasanbega, Andrew Paseltiner, Hwi Kyoung Lee, Edward
Jung, Meggyn Watkins, PJ McLachlan, and Jason James. ”Shhh...be
quiet!” Reducing the Unwanted Interruptions of Notification Permission
Prompts on Chrome. In USENIX Security, 2021. https://www.usenix.
org/conference/usenixsecurity21/presentation/bilogrevic.
[5] BlinkOn 15. Day 1 keynote and lightning talks. https://youtu.be/-P
WMKaIhfA?t=828, 2021. Last accessed: 2023-06-28.
[6] Microsoft Edge Blog and Microsoft Edge Team. Reducing distractions
with quiet notification requests. https://blogs.windows.com/msedgedev/
2020/07/23/reducing-distractions-quiet-notification-requests/, 2020.
Last accessed: 2023-06-28.
[7] Cristian Bravo-Lillo, Saranga Komanduri, Lorrie Faith Cranor,
Robert W. Reeder, Manya Sleeper, Julie Downs, and Stuart Schechter.
Your attention please: designing security-decision UIs to make genuine
risks harder to ignore. In Symposium on Usable Privacy and Security
(SOUPS), 2013. https://dl.acm.org/doi/abs/10.1145/2501604.2501610.
[8] Matt Burgess. Chrome and Firefox are fixing the inter-
net’s most annoying problem. https://www.wired.co.uk/article/
chrome-firefox-browser-notifications, 2020. Last accessed: 2023-06-28.
[9] Weicheng Cao, Chunqiu Xia, Sai Teja Peddinti, David Lie, Nina Taft,
and Lisa Austin. A large scale study of users behaviors, expectations
and engagement with android permissions. In USENIX Security, 2021.
https://www.usenix.org/system/files/sec21-cao-weicheng.pdf.
12