WordPress 3.2: Browse Happy or Browse Crappy?

I get anxious when I see a bill that needs paid, or a piece of software that needs updated, or I think of a phone call I have to make that I haven’t done yet. Anything that reminds me of something that I need to do, even if it’s not urgent or important, adds to a low level of anxiety and I’m now experiencing an itching feeling crawling over my skin when I test out WordPress 3.2 on IE 8. There is a big yellow box telling me that I have to update. What with Google now telling WordPress users to update their website, and WordPress telling their users to update their browser, a whole new level of anxiety has been added to my life – update, update, update!

Browse Happy is one of the new additions to WordPress with 3.2. Browse happy tells you that you’d better update your browser, the implication being that without updating you are browsing unhappily. I don’t know about you, but I was pretty happy not having a giant yellow button on my WordPress dashboard.

Let’s look at some of the issues.

Support Dropped for IE6

IE Countdown map

I’m so torn on this. On the one hand I’m like “Yes! Great! Drop support for IE 6!” And this seems sensible to anyone working on the web. However, a quick look at Microsoft’s IE6 Countdown tells us that 33.9% of people in China are still using IE6. China has a population of around 1.4 billion people – so that’s a lot of people using IE6. The WordPress users amongst them are going to end up with a back end looking like this:

WordPress Dashboard in IE6 - looking ugly

I’m sure that WordPress have done their research and figure that there just aren’t enough people in China downloading WordPress to make it worth their while continuing support for IE6.

But the problem with IE6 is that some people have to use it because they are using legacy software, and not everyone can afford to upgrade. Not only that, but there are lots of people who have to use IE 6 at work. Yes, we should be encouraging big companies to finally make the switch, but I’m not sure if breaking the WordPress dashboard is the way to do it. It’s more likely that such companies considering using WordPress won’t use it, or that they will use older, more insecure versions of WordPress.

And so, I remain torn – I definitely support the loss of IE6 but I’m not sure if breaking the WordPress dashboard is the way to do it.

Browse Happy on the Dashboard

browse happy notice

Personally, I keep my browsers up to date. I just have IE 8 on my computer because I never use IE (except for the occasional testing) so haven’t bothered updating it. I’m quite happy pootling along, updating my browsers whenever they need it.

What I find annoying is a bright yellow button telling me that I should update my browser. It is incredibly intrusive. Yes, you can click the dismiss button but that doesn’t make it less annoying. I understand the logic of it – something is annoying so it encourages you to do something good which fixes the annoyance. I’m all for a bit of social engineering but I’m not sure if WordPress is the place to do it.

Scenarios in which I really have a problem with browse happy:

  1. Creating a site for a client – I don’t want to impose this upon them when they log in. I’m going to have to get rid of it with a plugin;
  2. Running a huge network, in education for example, where thousands of users are using browsers that aren’t up-to-date. IT Departments aren’t going to want a piece of software telling their users to update.

This isn’t the first time that browse happy has been an issue. It used to appear in the WordPress footer and caused this discussion of it on Trac.

Mark Jaquith asked this question way back in 2007:

How does this improve WordPress and the WordPress experience?

And that, essentially, is the problem –  how does this improve WordPress and the WordPress experience? I’m not convinced that this latest change does. Plenty of people don’t want to use the most up-to-date version of a browser as it may have bugs or problems that need to be ironed out, others don’t upgrade because of software or work constraints, others because they like the version of the browser that they are using. The whole thing just feels a little bit patronizing.

Don’t get me wrong – I support the Browse Happy campaign in principle, I just don’t want it as a bright yellow lump on my WordPress dashboard, there for my clients and my network users. I think it’s the wrong way to go about things. What do you think?

 

26 Responses

  • I firmly believe that instead of giving people such harsh warnings to upgrade the browser we should really be going down the path of graceful enhancement. Give users as many features as their browser can support although a nice nudge to upgrade the browser isn’t the end of the world as is sometimes welcomed.

  • This is a pretty gray area, but I’d opt for browse happy, too. IE6 is almost a decade old, come this August, and at some point you have to *sh!t or get off the pot* as they say. I see the Browse Happy campaign as one where you get so many people unhappy about their browsing experience that they will eventually upgrade — like the rest of us. It’s almost like people who are massively in debt. You can hold their hand and defer payments for a while, but at some point, that change has to come from them to pay off the debt — and some really need a whole bunch of notices/whatnots for that final wake-up call. At least with IE6, the upgrade only takes a few minutes and it’s free! I haven’t taken a look at WP3.2 RC2, so I don’t know if that Browse Happy message is only conditional for IE6 users — hopefully, it is. All I can think about when I look at your screenshot above is the same method that Google uses in notifying its users of dropped support for IE6/7. Yes, it is in-your-face, but really… something like this is exactly what needs to happen to drive change. And who knows? Maybe having Browse Happy displayed for the next two/three point releases will actually help drive down IE6 usage for WP users =)

  • IT departments not willing to upgrade are just going to have to not use WordPress. IT depts need to proactively phase IE6 out even if that includes *shudder* more work for them. IT people are such a pain. It’s true.

    Kill IE6. WordPress isn’t the only one not supporting it. So is Google and Facebook. It needs to die already.

  • @Siobhan Eeeeek. That is a tad much. FF is already prompting me every day to upgrade to version 5 and I haven’t done it yet, because FoxTab isn’t up to snuff. That said, I actively read through everything to make sure I don’t get fooled into installing useless toolbars into my browser either during the upgrade or re-setting my default search engine/browser.

    It’s hard for me as a web designer to gauge what the average user cares about. Do they just glance at the notice and hit update right away without giving it much thought? And would that be such a bad thing? If doing this is what it takes to train people to upgrade their browsers regularly so that we can be on the same page, then I have no gripes with that. “Look ma! I just upgraded your browser! Can I have a cookie now? Not that one, the chocolate one!”

  • Browse Happy for sure :) Finally, IE 6 is almost dead. Gosh! As a web designer and developer I hate it so much I can’t even find the worst curse out there to describe my hate! For me it is quite stupid to have at least 3 major browsers and every single one of them performing differently on a site. Complete nonsense :) And when you keep in mind that the web is using standard-wide coding (ie HTML5, CSS3…), why can’t there be one single browser, just one?!? For 4 years I’ve been trying so hard to understand what’s the point of different browsers – they are all free!

    But Yeah, at least there are some people with clear minds that can actually look in the future, not in the past :)

  • Honestly the latest version of 3.1-3.2 really sucks, they didn’t update and deleted the plugin of Embedded media from it, it took me 1 hour to download 3.0.4 WordPress manually on my site, the latest one is a little faster but the older one is like heaven, I really am astonished at this step of theirs as they told everyone that they’re excluding embedded media from WP because of some notice from Microsoft, they should fix this problem and add it as soon as possible or most of the users will never update their site and maybe this step will put the publisher in trouble because of security issues behind it, hope they’ll take some good action.

    With Regards

  • This is absurd. WP itself isn’t fully compatible with current versions of various operating systems and platforms – but they’re pushing users to upgrade if their browser is even a week “old” – or, in the case of IE8 on XP, the current version? It just doesn’t make good sense.

  • I have to agree with Siobhan and Shawn – as much as I’m fine with notices about IE6 (and 7), FF<3 etc, anything more is just overstepping the mark. As there are some valid reasons to not upgrade to the latest version straight away (plugin/OS incompatibility) this will just alienate those WordPress users…

  • I turned my notice off for now …

    Go to:
    wp-admin
    includes
    dashboard.php

    Line 28, comment-out this line:
    //$response = wp_check_browser_version();

  • @Jason, my wife is/(was) getting the warning on a fully patched Win7 machine with IE9.

    If you actually look at the code, it’s NOT testing the actual browser version, but a hash of that, and anyone very familiar with client-side apps knows that you can adjust the User-Agent header by installing any of hundreds of toolbars or plugins, and the order in which you install them changes the User-Agent header differently each and every time. It’s also posting not just your browser version “hash”, but also the site URL and WordPress version to api.wordpress.com.

    This is sufficient information for an evildoer to create a plugin that can use a pre_http_request filter to post your administrative cookie to a third-party site by rewriting the URL, using that information (and your own browser/URL) to exploit your own site, or executing malicious code thru the http_response filter. Yes, each of these *could* have been accomplished directly within the plugin itself, but that makes it more obvious. Who scans their plugins for http_* filters? And more importantly, last month WordPress.org demonstrated how insecure the plugin upgrade system can be. It would take me all of about 10 minutes to add 4 lines of code to an existing plugin to make it so that it could exploit this information to take over your site and prevent the plugin upgrade routines to remove itself from future checks as well.

    This isn’t simply a matter of helping people with client-side security issues – it’s much bigger than that.

    I wrote a plugin a couple nights ago that makes this a little safer by defusing the security check without having to hack the core. I’m going to see about publishing it to WP today.
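
The comment above asks who scans their plugins for http_* filters. As an added example (not part of the original comment or of WordPress itself), this Python script lists every place a plugin's PHP source registers a callback on pre_http_request, http_response or any other http_* hook, so those callbacks can be reviewed by hand. The sample plugin source and its callback names are constructed for illustration.

```python
import re
from pathlib import Path

# Literal hook names: the two named in the comment plus the rest of http_*.
LITERAL = re.compile(
    r"""add_(?:filter|action)\s*\(\s*(['"])(pre_http_request|http_\w+)\1""", re.I)
# Hook name built at run time (variable or string concatenation). It cannot be
# resolved statically, so it is reported for manual review.
DYNAMIC = re.compile(
    r"""add_(?:filter|action)\s*\(\s*(?:\$|['"][^'"]*['"]\s*\.)""", re.I)
# Lines that start as PHP comments (//, #, /* or a docblock *).
COMMENT_LINE = re.compile(r"^\s*(?://|#|/?\*)")


def scan_php(source, filename="<memory>"):
    """Return sorted (filename, line, hook) tuples for HTTP API hook registrations."""
    lines = source.splitlines()
    findings = []
    for pattern, kind in ((LITERAL, "literal"), (DYNAMIC, "dynamic")):
        for m in pattern.finditer(source):
            lineno = source.count("\n", 0, m.start()) + 1
            if COMMENT_LINE.match(lines[lineno - 1]):
                continue  # commented-out registration, not live code
            hook = m.group(2) if kind == "literal" else "<dynamic>"
            findings.append((filename, lineno, hook))
    return sorted(findings)


def scan_tree(root):
    """Scan every .php file under root, e.g. a site's wp-content/plugins."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings += scan_php(path.read_text(errors="replace"), str(path))
    return findings


# Constructed sample plugin source (not taken from any real plugin).
SAMPLE = """<?php
// add_filter( 'pre_http_request', 'old_debug_hook' );
add_filter( 'the_content', 'gallery_render' );
add_filter( 'pre_http_request', 'gallery_short_circuit', 10, 3 );
add_action(
    "http_api_debug", 'gallery_log', 10, 5 );
$hook = 'http_' . 'response';
add_filter( $hook, 'gallery_rewrite' );
"""

if __name__ == "__main__":
    for filename, lineno, hook in scan_php(SAMPLE):
        print(f"{filename}:{lineno}: registers {hook}")
```

A hit is only a pointer to code that deserves reading, and the `<dynamic>` entries will include unrelated hooks; the check errs toward flagging because a missed registration costs more than a false alarm.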

  • I have several blogs and I upgraded them all to WP 3.2 except one. This one that is still on WP 3.1 is falling down in Google rankings. Is it possible that Google prefers blogs that are regularly updated to the newest versions of WordPress? Or is it just a coincidence…

  • Personally, I wholeheartedly support Browse Happy and would like to see it integrated into the default WordPress themes as well as the admin.

    Fact: Using an outdated browser is a security risk.

    If you are running an outdated browser on your own computer you are not only putting yourself at risk, but you are contributing to the stagnation and slower development of the Internet. And no, neither graceful degradation NOR progressive enhancement are the answer. There is no excuse for being outdated other than ignorance, obliviousness, or laziness. Updating is free, it improves the rate of adoption of newer web standards, it protects you from malicious sites, and it speeds up and improves your general web experience.

    The solution is education (solves ignorance & obliviousness) and nagging (solves laziness). Both ends are achieved through a nag like Browse Happy.

    But what about corporate technology stagnation, you ask!

    This is where the education component is most important. IT departments that allow or (gasp) require that their organizations use outdated browsers (IE 6, 7) are putting THEIR ENTIRE ORGANIZATIONS AT RISK. This needs to be made abundantly clear and repeatedly so.

    Here’s what I propose: building out the Browse Happy website to better educate both consumers and corporate users to both the risks and drawbacks of using outdated browsers, and the benefits of using newer ones. Orgs stuck with Windows XP may not be able to get IE9, but Chrome is easily deployed on XP, and considerably more secure than any version of IE… So there are options, if only people could be made aware of them.

    You can also use cookies to save nag state. This allows a nag to be dismissed and not appear again as long as the cookie is valid. I use such a technique in Adventure Journal.

    Finally, nags should be attractive and fit with a site’s theme, while maintaining some kind of universal uniformity. For instance, nags all have the same layout and basic components, but a different background, font colors, etc. The current BH nag in WordPress is an eyesore, and that is not okay IMO. The more websites that use this kind of “universal update nag”, and link back to the same informational site, the more traction the “upgrade” movement will gain, and the better off the Internet will be in general.

    My point is this: nags SHOULD be used, and everywhere. Consistently. The current system also needs to be further developed, however. It needs to be consistent, but configurable. Attractive, but dismissible. And it needs to be helpful and informative. If a nag can hit all those points, and gain widespread adoption, we could change the face of the Internet permanently, and in months instead of years.

    • Matt, I don’t disagree with the OBJECTIVE of Browse Happy. I disagree with the implementation. The current methodology doesn’t address actual security issues, only perceived security issues, and it actually increases the threat footprint, by pushing exploitability information across the web.

      Fact: The WP detection method does NOT properly identify what an “outdated” browser is:

      Fact: The implementation used by WP actually *adds* a security risk (information about your site and session are pushed to wordpress.org):

        • Yeah, IE9 shouldn’t be triggering the alert. Do you have any suspicions as to what might cause that false-positive?

          On a related note, I’ve often heard some people calling for feature detection as opposed to browser sniffing. Libraries like Modernizr facilitate this, and are heavily used by Progressive Enhancement proponents (of which I am not one). While this sounds good on paper, I think the ultimate goal is to try to keep general USERS up-to-date no matter what, and feature detection just doesn’t do that (for instance, even IE9 is missing some “big” CSS3 features).

          We’ll always be limited by whatever isn’t included in the latest version of IE (*cough* css gradients), and asking users to switch browsers (“Optimized for BlahBlahBlah”) is EXTREMELY tacky. This basically disqualifies “feature detection” as a viable alternative for nag criteria as there may be no option left but to switch browsers. I think the solution to this is a combination of browser sniffing, nags, and semi-graceful degradation (keep the functionality, lose some of the visual flair).

          Now if most developers agree (even secretly), but the general complaint is that Browse Happy and other Browser Sniffers are unreliable, then all that means is that the code needs some improvement. Fine, there’s nothing wrong with that. And since we can reliably assume that most users are using one of a handful of popular browsers, then we can focus on those since they are usually the biggest offenders anyway (unknown or obscure browsers are probably being used by geeks or enthusiasts, so we don’t need to worry about those – they know the benefits, risks, and tradeoffs intimately).

          Browse Happy is open source, too – so if it’s not quite living up to expectations, then there’s nothing stopping us from improving it. If it has problems, I plan to do just that.

          • I discussed this above.

            Browse Happy operates by computing a hash of the UA string, *not* by detecting the actual browser and version. Thus, anyone actually using an uncommon toolbar or browser add-in (such as those custom coded by website managers to aid in management or advanced function) will always be detected as “old” simply as a result of non-optimal visibility. By any measure, that’s a failure.

            Again, it’s not that I disagree with the objective, only that the implementation sucks.

            Another issue is the security flaw exposed by allowing hooking into a forced push to a third-party server. This isn’t a minor thing. There are at least a half dozen ways that this security check itself can be exploited to gain control over the site or server using it.

            In situations such as these, it’s far more important to neither confuse the user more, nor increase the exploitability footprint. After all, do you really think that anyone still using IE6 or Firefox 2.11 is unaware of that fact and as a result of these nags may suddenly decide to upgrade?

            Bottom line: the objective is a non sequitur and the implementation is horrifically flawed. It will neither accomplish the objective of eliminating “old” browsers nor decrease risk.

            In a worst case scenario, this new vulnerability will be abused to create a worm that specifically targets WP installations, hijacking them to effectively gain control over 15%+ of the sites on the web (more if the servers have default/flawed permissions).

  • i have two computers at home that use legit Win7. i have one that still clunks along on legit Win2000. microsoft and google/firefox don’t offer anything above ie6 (etc.) for win2000. i don’t feel like shelling out $$ for the extra win7 upgrade (hardware + software). in fact, the reason i use the win2000 machine is in my kitchen–to browse the web. there goes some fancy browsing.

    BUT, frankly, when i hit a non-ie6-supporting site, i don’t give a damn about the glitzy stuff i’m missing as long as i can get to the info i’m looking for. so… go ahead. maybe i’m better off without the fluff anyway that comes with later browsers.

    (oh yes, microsoft won’t support its security essentials either on this dinosaur; but at least Avast does–thank you very much; and winamp works fine too).

Comments are closed.