Client request for authorization with Kee should have the browser name

debug
feature
#1

I recently started getting a ton of dialogs with the request:

“Kee” claims that it is “A browser addon that securely enables automatic login to most websites. Previously known as KeeFox.”.

Originally I thought that this could be related to kee-org/KeeFox#252 but after some debugging I realized that Chrome was starting up in the background causing these requests.

My suggestions are:

  • The request should contain which browser it originates from
  • The request should not be triggered when Chrome is running in the background

I posted this question as an issue but was recommended to move the question here.

#2

Thanks for the suggestions.

There’s currently no reliable way to identify which browser Kee is executing within. We can make a good guess between Firefox and Chromium (but not all their differently named variants). A good guess is not good enough when presenting this class of information to users so I think we’d need support from the browser manufacturers to make this change in a reliable fashion. If we can’t make it 100% reliable it’s arguably a regression from the current generic “browser addon” information.

I wonder if changing “addon” to “extension” would help? That’s what Chromium browsers call Kee and Mozilla are increasingly switching their user-facing naming from “addon” to “extension” so I think it also makes sense to Firefox users now?

Possibly could check for minimized state on every window before initiating a new SRP connection attempt: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/windows/WindowState

Not sure I want to couple UI state to the backend in this way though. Also would have to check exactly what this “background mode” is in Chrome and how it behaves with respect to the WebExtensions API linked above and whether it will be affected by Manifest v3 changes.

Do many others come across this same confusion with this dialog message?

#3

Thanks for the reply. I think that “hiding” the information behind a “details” button or something, where the browser source hint is given, would help. 99% of users will never need to bother, but it was incredibly annoying before I understood the problem and this would be a cheap fix.

Addon/extension renaming would probably not have helped me. Never quite understood the name-change.

Annoying that the minimize state is so difficult to detect, seems like a pretty basic thing.

An additional option would be to store a counter where > 10 requests/day flags a warning or something.
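
A sketch of the two mitigations discussed in this thread (skipping the connection attempt when no browser window is visible, from #2, and warning after more than 10 requests a day, from #3), as an added example that is not Kee's code or any poster's. The function and class names are hypothetical, where the counter lives is an assumption, and it assumes, untested, that a browser running only in the background reports no windows or only minimized ones through `windows.getAll()`.

```javascript
// Added example. All names here are hypothetical, not part of Kee.
const DAY_MS = 24 * 60 * 60 * 1000;

// `windows` has the shape returned by the WebExtensions windows.getAll() call.
// `state` is optional in that API, so only an explicit "minimized" counts as hidden.
// An empty list (no windows at all) is treated as "nothing visible".
function hasVisibleWindow(windows) {
  return windows.some((w) => w.state !== "minimized");
}

// Counts authorization requests in a trailing time window (default: 24 hours).
class PromptCounter {
  constructor(limit = 10, windowMs = DAY_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.stamps = [];
  }

  // Record one request at time `now` (ms); true once the limit is exceeded.
  record(now) {
    this.stamps = this.stamps.filter((t) => now - t < this.windowMs);
    this.stamps.push(now);
    return this.stamps.length > this.limit;
  }
}

// Decide whether to start a new connection attempt and whether to flag a warning.
// Suppressed attempts are not counted, because they never produce a dialog.
function decide(windows, counter, now) {
  if (!hasVisibleWindow(windows)) {
    return { connect: false, warn: false, reason: "no visible browser window" };
  }
  const warn = counter.record(now);
  return { connect: true, warn, reason: warn ? "request limit exceeded" : "ok" };
}

// Glue for an extension background script: `api` is `browser` (or `chrome`
// where it returns promises).
async function decideFromBrowser(api, counter) {
  return decide(await api.windows.getAll(), counter, Date.now());
}
```
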