Already the screenshots of the report from 2016 on page 3 show why no normal user can recognize if a website was encrypted or if an EV certificate was in use. The browser manufacturers must agree on a uniform, easy-to-understand presentation of the security indicators and not change them every month.
The screenshot from the 2019 report also shows why normal users cannot tell if an EV certificate is in use: it is simply not recognizable cause most of the indicators are deleted. Please repeat the test with a browser that displays the full company name in green AND the complete address bar in green. In my opinion, the two linked reports are not acceptable due to deliberate destruction of the security features in the browser UX. Am Donnerstag, 10. Oktober 2019 00:23:28 UTC+2 schrieb Ryan Sleevi: > On Wed, Oct 9, 2019 at 6:06 PM Paul Walsh via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > I believe an alternative icon to the encryption lock would make a massive > > difference to combating the security threats that involve dangerous links > > and websites. I provided data to back up my beliefs. > > > > Here's peer-reviewed data, in top-tier venues, that shows the beliefs are > unfounded: > https://ai.google/research/pubs/pub48199 > https://ai.google/research/pubs/pub45366 > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy