Being pretty much a 100% Chrome user, I've yet to click "Allow" when a site wanted to notify/spam/inundate me with shit from sub-companies or worse yet proxy spam me from paying 3rd parties because "well, you did opt in sir". The opt in popup box might as well read: "Are you an idiot? YES|MAYBE".
Not one time have I allowed it ever in all these years and I'm shocked anyone else allows it at all too. Not having considered it before but I'm really surprised this tech is on by default or even exists at all. It may have some neat IOT use cases but IOT has about a billion other notification options for machine/machine communications that are better. Thats the best I can do in terms of trying to argue theres a good aspect of the functionality.
But what about Gmail you say? Well, I personally don't use the web interface anyhow opting instead for a nice/superior experience from a local client but IIRC the tab starts blinking when theres new mail and the number in the title bar changes.
Even LinkedIn and its simple blue dot on the title of the tab is sufficient for me to know theres new activity there if I want to bother looking (ooooh loooook - a guy I know knows a guy that posted a virtue signaling meme regarding a supposedly socially relevant topic that companies pretend to be concerned about - I MUST KNOW ABOUT THIS IMMEDIATELY!).
Now, on to changing browser and OS notifications on all 4 home systems to my preferences this morning. I didn't realize how much the hubris of bugging me with stupid crap annoyed me until this prompted me to consider it. Thanks OP!
I was too! But then like I mentioned with UX dark patterns encouraging users to click by making them believe they have to click it, it's perhaps not as surprising. Non-technical users are already conditioned to click OK or Yes to anything that appears on their screen without reading it.
Interesting. I'm in the same boat I never actually pressed allow, but somehow I never actually thought about disabling it either. I'm going to do that on my moms laptop as well when I get the chance.
I use WhatsApp and the Android Messages web versions, probably i am a special case due to my bad eyes I prefer my KDE accessibility features and typing on a real keyboard over a smartphone.
I understand the advice, but I don't agree they're entirely without purpose.
> I have never seen them used for any legitimate or useful purpose
That's definitely overblown. I've got a half-dozen enabled, and on re-reviewing that list, I still think they're legitimate. Upon checking mine, I've whitelisted Google Calendar, Gmail, Google Meet, Mattermost (work chat app), and Slack, and I want notifications enabled for all those things.
> I understand the advice, but I don't agree they're entirely without purpose.
[…]
> I've got a half-dozen enabled[…]
That's fine for you, a purveyor of tech news. For almost everyone else, they are a means to spam and false malware notifications.
Our company provides services to clients who rely on computers but aren't necessarily computer experts. The only instances of browser notifications that I've seen (on client machines) are those I just described. In fact, yours is the first instance of someone appreciating them that I've encountered.
No shade intended. I just don't think their benefit outweighs their abuse.
> I just don't think their benefit outweighs their abuse.
TFA said they're without purpose, I said I disagree. You're now saying their abuse outweighs their benefit, which is a separate topic, and is more subjective. I'm not sure I entirely agree, but I could definitely see a case for that.
> That's definitely overblown. I've got a half-dozen enabled, and on re-reviewing that list, I still think they're legitimate. Upon checking mine, I've whitelisted Google Calendar, Gmail, Google Meet, Mattermost (work chat app), and Slack, and I want notifications enabled for all those things.
Most of it are native apps tho ?
The difference is that you install app explicitly for purpuse of doing that, vs "I accidentally clicked on website and now it sends crap to my feed" of average illiterate users.
They're mostly Electron, not native apps. My browser has extensions that help me with all of the tracking these apps are full of that are a hassle to patch in Electron apps (who know how Manifest v3 will affect Electron). Unless you have a FOSS TUI I can opt out of tracking, no thanks: I'll keep you in the browser in a pinned tab.
And that's fine, the article only disables pop-ups that prompt to enable notifications. For those few websites which really matter, you can explicitly click on "shield" icon and enable it.
The key idea is that enabling notification should be an explicit actions, and have more consent than a single click.
I don't have notifications / alerts for anything besides family trying to contact me. For everything else, I poll. This has the benefit of allowing me to focus on what I'm doing (which sometimes requires looking things up in a browser) without being interrupted while doing so.
Same: I understand the advice, but it's trivial to find cases where it's useful.
I have three enabled. One is for a past side-hustle, but the others are messages.android.com and messages.google.com . Definitely keeping both of those, even if/when I finally mostly depart the google ecosystem.
Right, a more reasonable argument would be just that the risks outweigh the benefits for some users, especially if they aren't currently using notifications on any legitimate sites.
Certainly for some people. I just prefer the tradeoff of carefully curating my taskbar at the expense of my tab list.
I (over)use the keyboard shortcut of windows key+# (so win+1 switches the focus to the first application icon on the taskbar, win+2 the second, etc), and I've got muscle memory of which applications are pinned to each place. Plus, I've already got the muscle memory of how to get to the various websites I keep open.
Some HN/reddit threads recently mentioned Library Genesis so I visited with Chrome desktop web browser on mac and was surprised it caused a deceptive push notification. Screenshot:
EDIT reply to: >That ad must've been injected by the proxy you were using to access LibGen.
I just went to the top search result for "libgen" from google search result. It's possible they were trying a temporary monetization trial to take advantage of the Z-Library shutdown and that push notification is now gone. The other possibility is that the search result pointed to "libgen.ee" or "libgen.il" which apparently is a clone of Libgen (they call it "Library Genesis+") and it's the clone sites that have the push notifications. It's confusing to to people not familiar with it to know which is fake and which is real. (screenshot of google results:
https://imgur.com/a/65Beo8H)
On another side note, what's amazing is how that website got a push notification silently past Chrome's "Privacy and security" setting of "Sites can ask to send notifications". There was never a "Allow this site to send notification?" prompt. I wonder what Javascript trick they used to bypass Chrome's security.
> I just went to the top search result for "libgen" from google search result.
Yeah, you should never use google for this.
Protip: find the wikipedia article of your site of interest and bookmark it as a source of always up to date urls. Conversely, just use alternative search engines like duckduckgo and/or brave search.
That ad must've been injected by the proxy you were using to access LibGen. uBlock Origin detects no ads, malware or trackers on https://libgen.is/ for me.
"Consider disabling push notifications on your device and on family and friends devices"
because browser vs native should make no difference, right? But when said that way, you see how absurd is the statement as a generate guide. This would be a full-time job to a) convince people not to get notifications and b) change their settings.
Now personally, I have disabled all native push notifications or at best have them sent to the "Notification Center". And after seeing my GF bothered by so many notifications, I showed her how to disable them. Everyone else is on their own.
You have the ability to disable just browser push notifications, at least for Android. I actually find notifications useful, but they can quickly become useless if you are receiving a lot of irrelevant notifications. If you disable all notifications on Android, you wont get things like calendar reminders.
Although it can be useful for some web applications, I kind of wish that push notifications were not added to browsers. Most often they are just abused to spam users. The pop-up you get while going to pages asking you to allow push notifications is also annoying. I have started to disable notifications in all the browsers I use on mobile and desktop.
The post says there are no legitimate use-cases for browser push notifications, but I disagree.
I'm building a niche social media PWA (eschewing native apps to save time), and use browser push notifications to let my users know when someone has DM'ed them.
Sadly, boardgame arena also pushes advertising for new games and features through the notifications as well. I'm sure it's possible to disable specific categories, but it unfortunately undermines their value even more when otherwise legitimate sites still somewhat abuse push notifications.
Of course there are legitmate use-cases; I enable a few myself. BUT--I also know exactly where to go in my browser settings to edit my preferences, should I ever accidentally click "yes" on a bad prompt that starts blasting me with ads and phishing attempts.
The thing is, many non-technical users don't even know where or how notifications really show, much less how to edit/remove them.
At one previous job, that supported vehicle registration for county clerks, there were enough situations where multiple users would "work" on the same vehicle registration that we had to let users know if some other user updated that particular record - rather than fail/error if that user presses submit "too late".
Somewhat real-time chat with a human I'm talking to on purpose is the only legitimate use case I can think of and the only thing I enable any sort of push notification from at all, but even then, only from native apps. If the only reason this needs to be in a browser is saving time for the developer, that isn't a good enough reason for me as a user as long as other options exist that use native apps.
Even to use this theoretically, though, I'd want the strict ability to control who can even send me a direct message. As it stands, the only thing I currently allow push notifications for are SMS and Signal, but the SMS texts are still overwhelming election spam from people who aren't even trying to spam me but have the wrong number for my mother or grandmother and bulk property buyers who claim they want to buy one of my houses. So I hope you plan to enable user-controllable proactive origin filtering (not after the fact user-by-user blocking).
>If the only reason this needs to be in a browser is saving time for the developer, that isn't a good enough reason for me as a user as long as other options exist that use native apps.
Consider food delivery services (from the reastaurants).
We actively order food directly from the reastaurant where possible, because Uber Eats charge more for the food and still charge "service" fees + delivery.
I've just checked, and I have 7 (including Uber Eats) food and grocery delivery apps.
It would be my preference if I dealt with a PWA instead of having to install many apps with varying quality.
A notification of the status of my order is useful, and with the grocery apps, sometimes an item that I've ordered is out of stock, and I have a small window to take some action (if I hadn't chosen one when ordering).
Browsers should've really made it an user-initiated action. Something more akin to adding a site to your browser's bookmarks than what we have currently.
First thing I did when I opened this thread is ctrl+f PWA. Glad you mentioned it even though your comment was so far down.
The other big positive is that the closer PWAs are to native apps in functionality, the less of a stranglehold Apple and Google will have over app distribution.
Another annoyance that totally disappears if you disable JS. In fact, except for perhaps the "I have never seen them used for any legitimate or useful purpose" point, the content of the article could be about JS. As a bonus, fake warnings on the page may also disappear.
I completely agree with the author about how hostile the "modern web" is. At least push notifications are dubious in value from the start, but unfortunatelY JS seems to be trying to replace built-in functionality of the browser like rendering static content.
I've come across a site (on HN, I think) with content written in Markdown which used JavaScript to render Markdown to HTML in the client/browser. Why oh why?
I like to disable JS, but these days virtual no site works without it (except HN, kudos!)
> Your non-technical family members and friends will likely fall for these at some point. For their sake, disable them.
As the famous proverb says "give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime". The best way to "fix" phishing attacks and malware is by making people more "technical". The only way to eliminate these phenomena is by educating people about what a Push Notification really is and that you simply don't have to click it.
The Web needs to be a competitive platform for apps next to the closed and "gated" App Stores. I think that we should not dumb down web browsers to simple page viewers.
I've been around the tech world for a few decades. This sentiment has often been repeated about things like this, but I no longer believe that it's viable. The tech world is just too fast-moving, which means there's not really any such thing as "education". If you manage to teach someone something, it'll probably be out of date in a year or two, if not less. You have to pay attention to the latest trends all the time to really be knowledgeable about it. That just isn't going to happen.
> The best way to "fix" phishing attacks and malware is by making people more "technical".
I've been trying to do this for 25 years. It has yet to be successful. Especially since the vectors of attack change constantly.
> The Web needs to be a competitive platform for apps next to the closed and "gated" App Stores. I think that we should not dumb down web browsers to simple page viewers.
Disagree 100%. With native(ish) apps at least I can do things like block internet access if I don't want them to "phone home". I can also downgrade (or not upgrade) them if they push regressive "updates". Web apps take all control away from the user. We need ways of running whatever we want on mobile. But using web apps as a workaround is a cure that's worse than the disease.
I've managed to get my parents to be suspicious about emails and phone calls, to forward me anything they're unsure of, to reply to any communications purporting to be from their financial institutions by calling back with the number on their card or statement, to install updates as soon as they become available, to use unique passwords for everything and so on....but I still regularly find malicious extensions installed on their browsers and homepages set to some fake version of Google.
I continue to try to educate, but nowadays I make sure they always have ad blockers installed (I believe most of the tricks they fall for stem from malicious ads) and I try to lock things down and disable features where it makes sense. I dislike the locked down world of iOS and what has become of MacOS, but I appreciate having it for devices they use. This is part of my job, I think about this stuff every day and I still worry I can't keep up, so I can't really expect the same from them.
The phone app is the only one which I allow to have "push notifications".
And they can be disabled.
It's also the only one that I can think of that allows me to selectively enable based upon the sender (iOS user here).
Readit News
Not one time have I allowed it ever in all these years and I'm shocked anyone else allows it at all too. Not having considered it before but I'm really surprised this tech is on by default or even exists at all. It may have some neat IOT use cases but IOT has about a billion other notification options for machine/machine communications that are better. Thats the best I can do in terms of trying to argue theres a good aspect of the functionality.
But what about Gmail you say? Well, I personally don't use the web interface anyhow opting instead for a nice/superior experience from a local client but IIRC the tab starts blinking when theres new mail and the number in the title bar changes.
Even LinkedIn and its simple blue dot on the title of the tab is sufficient for me to know theres new activity there if I want to bother looking (ooooh loooook - a guy I know knows a guy that posted a virtue signaling meme regarding a supposedly socially relevant topic that companies pretend to be concerned about - I MUST KNOW ABOUT THIS IMMEDIATELY!).
Now, on to changing browser and OS notifications on all 4 home systems to my preferences this morning. I didn't realize how much the hubris of bugging me with stupid crap annoyed me until this prompted me to consider it. Thanks OP!
I was too! But then like I mentioned with UX dark patterns encouraging users to click by making them believe they have to click it, it's perhaps not as surprising. Non-technical users are already conditioned to click OK or Yes to anything that appears on their screen without reading it.
Glad you found the advice useful!
Deleted Comment
> I have never seen them used for any legitimate or useful purpose
That's definitely overblown. I've got a half-dozen enabled, and on re-reviewing that list, I still think they're legitimate. Upon checking mine, I've whitelisted Google Calendar, Gmail, Google Meet, Mattermost (work chat app), and Slack, and I want notifications enabled for all those things.
[…]
> I've got a half-dozen enabled[…]
That's fine for you, a purveyor of tech news. For almost everyone else, they are a means to spam and false malware notifications.
Our company provides services to clients who rely on computers but aren't necessarily computer experts. The only instances of browser notifications that I've seen (on client machines) are those I just described. In fact, yours is the first instance of someone appreciating them that I've encountered.
No shade intended. I just don't think their benefit outweighs their abuse.
TFA said they're without purpose, I said I disagree. You're now saying their abuse outweighs their benefit, which is a separate topic, and is more subjective. I'm not sure I entirely agree, but I could definitely see a case for that.
We rely on them extensively for basic notification functionality in healthcare applications.
We literally send out alerts that save people's lives using web push notifications, so I think it's a bit cavalier to dismiss them entirely.
I do agree that it would be nice if the were restricted a bit more, perhaps to installed PWAs of some sort.
Most of it are native apps tho ?
The difference is that you install app explicitly for purpuse of doing that, vs "I accidentally clicked on website and now it sends crap to my feed" of average illiterate users.
I have a couple of clients I woke with so I prefer to isolate them by profile in browser…
The key idea is that enabling notification should be an explicit actions, and have more consent than a single click.
I have three enabled. One is for a past side-hustle, but the others are messages.android.com and messages.google.com . Definitely keeping both of those, even if/when I finally mostly depart the google ecosystem.
I (over)use the keyboard shortcut of windows key+# (so win+1 switches the focus to the first application icon on the taskbar, win+2 the second, etc), and I've got muscle memory of which applications are pinned to each place. Plus, I've already got the muscle memory of how to get to the various websites I keep open.
Personally I haven't had any use cases for them and they have only been a source of frustration.
https://imgur.com/a/ZXxnM1G
EDIT reply to: >That ad must've been injected by the proxy you were using to access LibGen.
I just went to the top search result for "libgen" from google search result. It's possible they were trying a temporary monetization trial to take advantage of the Z-Library shutdown and that push notification is now gone. The other possibility is that the search result pointed to "libgen.ee" or "libgen.il" which apparently is a clone of Libgen (they call it "Library Genesis+") and it's the clone sites that have the push notifications. It's confusing to to people not familiar with it to know which is fake and which is real. (screenshot of google results: https://imgur.com/a/65Beo8H)
On another side note, what's amazing is how that website got a push notification silently past Chrome's "Privacy and security" setting of "Sites can ask to send notifications". There was never a "Allow this site to send notification?" prompt. I wonder what Javascript trick they used to bypass Chrome's security.
Yeah, you should never use google for this.
Protip: find the wikipedia article of your site of interest and bookmark it as a source of always up to date urls. Conversely, just use alternative search engines like duckduckgo and/or brave search.
I don't recommend relying on Wikipedia as a source of up-to-date anything.
Deleted Comment
Now personally, I have disabled all native push notifications or at best have them sent to the "Notification Center". And after seeing my GF bothered by so many notifications, I showed her how to disable them. Everyone else is on their own.
Although it can be useful for some web applications, I kind of wish that push notifications were not added to browsers. Most often they are just abused to spam users. The pop-up you get while going to pages asking you to allow push notifications is also annoying. I have started to disable notifications in all the browsers I use on mobile and desktop.
Here's a question. Can you disable web sites asking while keeping the notifications that you have already allowed?
I'm building a niche social media PWA (eschewing native apps to save time), and use browser push notifications to let my users know when someone has DM'ed them.
I prefer running Slack in the browser, and I need to receive message notifications.
Push notifications aren't any less useful to have in browsers than in native apps.
Though I would like to see the prompt locked behind "add to home screen".
The thing is, many non-technical users don't even know where or how notifications really show, much less how to edit/remove them.
At one previous job, that supported vehicle registration for county clerks, there were enough situations where multiple users would "work" on the same vehicle registration that we had to let users know if some other user updated that particular record - rather than fail/error if that user presses submit "too late".
Even to use this theoretically, though, I'd want the strict ability to control who can even send me a direct message. As it stands, the only thing I currently allow push notifications for are SMS and Signal, but the SMS texts are still overwhelming election spam from people who aren't even trying to spam me but have the wrong number for my mother or grandmother and bulk property buyers who claim they want to buy one of my houses. So I hope you plan to enable user-controllable proactive origin filtering (not after the fact user-by-user blocking).
Consider food delivery services (from the reastaurants). We actively order food directly from the reastaurant where possible, because Uber Eats charge more for the food and still charge "service" fees + delivery.
I've just checked, and I have 7 (including Uber Eats) food and grocery delivery apps.
It would be my preference if I dealt with a PWA instead of having to install many apps with varying quality. A notification of the status of my order is useful, and with the grocery apps, sometimes an item that I've ordered is out of stock, and I have a small window to take some action (if I hadn't chosen one when ordering).
Browsers should've really made it an user-initiated action. Something more akin to adding a site to your browser's bookmarks than what we have currently.
The other big positive is that the closer PWAs are to native apps in functionality, the less of a stranglehold Apple and Google will have over app distribution.
Push notifs in a PWA get us about 90% of the functionality of a native app on Android and (finally) iOS.
I completely agree with the author about how hostile the "modern web" is. At least push notifications are dubious in value from the start, but unfortunatelY JS seems to be trying to replace built-in functionality of the browser like rendering static content.
I like to disable JS, but these days virtual no site works without it (except HN, kudos!)
As the famous proverb says "give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime". The best way to "fix" phishing attacks and malware is by making people more "technical". The only way to eliminate these phenomena is by educating people about what a Push Notification really is and that you simply don't have to click it.
The Web needs to be a competitive platform for apps next to the closed and "gated" App Stores. I think that we should not dumb down web browsers to simple page viewers.
I've been trying to do this for 25 years. It has yet to be successful. Especially since the vectors of attack change constantly.
> The Web needs to be a competitive platform for apps next to the closed and "gated" App Stores. I think that we should not dumb down web browsers to simple page viewers.
Disagree 100%. With native(ish) apps at least I can do things like block internet access if I don't want them to "phone home". I can also downgrade (or not upgrade) them if they push regressive "updates". Web apps take all control away from the user. We need ways of running whatever we want on mobile. But using web apps as a workaround is a cure that's worse than the disease.
I continue to try to educate, but nowadays I make sure they always have ad blockers installed (I believe most of the tricks they fall for stem from malicious ads) and I try to lock things down and disable features where it makes sense. I dislike the locked down world of iOS and what has become of MacOS, but I appreciate having it for devices they use. This is part of my job, I think about this stuff every day and I still worry I can't keep up, so I can't really expect the same from them.
Any plan now and going forward has to take this reality into account. Not blame the victim.
I always “poll” data mentally, I find this to be crucial to me maintaining control over my devices and not allowing them to control me.
Most people are not ok with missing incoming calls.
You just described why millennials consider phone calls incredibly disruptive and rude (and I entirely agree with them despite being a Gen-Xer).