Hi folks!

tl;dr: I would like to change the current trusted UI by:

1. A system dialog enabled via hardware buttons.

2. Extra information about web apps.

Long version:

Let's face it. Nobody likes the trusted UI :(.

With the current design, it is really hard for a user to notice why the 
content embedded within the trusted UI should be considered as trustworthy. We 
are not giving any hints to the user to help her understand the reasons and 
rationale behind the current UX. It is even hard for people involved in the 
development of FxOS to understand these reasons. And even understanding them, 
there are some serious doubts about its effectiveness. The current visual 
experience is also far from perfect. We are losing 20% of the screen size, 
which is quite significant and seems like a high price to pay for the 
questionable benefits of the current UI, especially for some devices already in 
the market.

So I'd like to take a step back and revisit the design of the trusted UI.

I won't go into too many details about its use case and requirements. There is 
an endless discussion about it at [1] that you can read if you feel strong 
enough for it. But basically, the main reason to require a trusted UI in FxOS 
is the lack of a browser chrome UI as defined in [2]. In FxOS everything on the 
screen is web content and fullscreen apps can easily emulate system components 
like the status bar.

So my proposal to solve the issues associated with the lack of a chrome UI is 
the following:

(A) - Require the usage of hardware buttons to enable system flows where the 
user is required to enter sensitive information like the payment pin or the 
Persona password. I am thinking about a flow like:

1. The user clicks on the "Buy" button of a Marketplace app.

2. A system dialog containing the payment flow is shown.

3. The dialog is disabled by default and we ask the user to click (for example) 
the home button to enable the flow (with a nice expanded explanation about it).

4. Once the user clicks the home button, the dialog is usable and the home button 
recovers its default behavior.

No app can emulate this behavior since hardware button events are only 
available to the System app. If an app tries to emulate it, the default action 
assigned to the hardware button will be triggered. In the example above, the 
app will be closed after hitting the home button.

You may argue that we are making the flow more tedious by adding one extra step 
to the flow, but this can be mitigated by letting the user disable it via 
settings at her own risk.

(B) - The proposal for (A) is only valid for system dialogs and we can only 
apply it over flows that we trust 100%. So we are still open to phishing 
attacks within any other application as we are only exposing very limited 
information about them. Right now we are only showing in the card view the 
origin of the content being shown if it differs from the content of the web app 
loading it. And sometimes this information is not complete as it might not even 
fit well in the screen [3]. This can not only confuse and create misleading 
cues for novice users that are not aware of what a URL is, but it is also 
insufficient for advanced users who are knowledgeable enough to interpret what 
this means because we are not providing them enough information.

IMHO we should be showing at least similar information to the one that we show 
in desktop [4] to tell the user if a connection to a website can be considered 
secure or not. We should be showing "if the website you are viewing is 
encrypted, if it is verified, who owns the website, and who verified it". And 
we should show it with an easily recognizable code like the icons and colors 
already used in desktop [5].

The card view seems like the appropriate place to do it because it is not 
spoofable by any other app as it is triggered only via hardware buttons and we 
have relative freedom to show additional information in the same context of the 
app without affecting the app itself. We can show icons with extended 
information accessible via click or whatever. I'll let UX decide the best way to 
display this information.

Any feedback is highly appreciated.

Thanks,

/ Fernando

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=768943
[2] https://developer.mozilla.org/en-US/docs/Chrome
[3] http://imgur.com/YxBchvS
[4] https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure?as=u&utm_source=inproduct
[5] https://support.cdn.mozilla.net/media/uploads/gallery/images/2013-07-12-06-34-11-d9ae16.png
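
The flow proposed in (A) above, modeled as a small state machine. This is an added example, not part of the original message and not Gaia code; `SystemApp`, `openTrustedDialog`, `onHomeButton`, `submitSecret` and the `requireButtonConfirm` setting are hypothetical names, and it assumes, as the message states, that hardware button events are delivered only to the System app.

```javascript
// Hypothetical model of proposal (A); none of these names come from Gaia.
// Assumption from the message: a real hardware press only ever reaches
// SystemApp.onHomeButton(); ordinary apps cannot observe or consume it.
class SystemApp {
  constructor({ requireButtonConfirm = true } = {}) {
    this.requireButtonConfirm = requireButtonConfirm; // user-facing opt-out
    this.pendingDialog = null; // system dialog waiting for the home press
    this.foregroundApp = null; // name of the app currently on screen
  }

  launch(appName) {
    this.foregroundApp = appName;
  }

  // Called by the platform when a trusted flow (e.g. payment) needs a secret.
  openTrustedDialog(flowName) {
    const dialog = { flowName, enabled: !this.requireButtonConfirm };
    if (!dialog.enabled) this.pendingDialog = dialog; // wait for the press
    return dialog;
  }

  // Single entry point for the physical home button.
  onHomeButton() {
    if (this.pendingDialog) {
      // Consume exactly one press to enable the dialog; afterwards the
      // button recovers its default behavior.
      this.pendingDialog.enabled = true;
      this.pendingDialog = null;
      return 'dialog-enabled';
    }
    // Default action: leave the foreground app. An app that only draws a
    // look-alike dialog ends up here, because nothing is pending.
    const closed = this.foregroundApp;
    this.foregroundApp = null;
    return closed ? `closed:${closed}` : 'homescreen';
  }
}

// Input is accepted only once the dialog has been enabled by the button.
function submitSecret(dialog, secret) {
  if (!dialog.enabled) throw new Error('dialog not enabled');
  return `${dialog.flowName}:accepted:${secret.length}`;
}
```
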