Earlier today at Mozilla the UX team along with Mike Beltzner and
Johnathan Nightingale spent a good deal of time discussing how we want
to evolve the security UI in Firefox. We are planning on making a few
changes to our current approach based on what worked (and didn't work)
in Firefox
Please do. :)
Adam
On Wed, Nov 4, 2009 at 6:27 PM, Alex Faaborg faab...@mozilla.com wrote:
Earlier today at Mozilla the UX team along with Mike Beltzner and Johnathan
Nightingale spent a good deal of time discussing how we want to evolve the
security UI in Firefox. We are planning on
Yeah, I understood :) I haven't seen much discussion of these issues
so figured I'd try and start some - perhaps a lurker would be
motivated to work on it. Or maybe the Chrome team in a later release.
The force-ssl stuff seems like good progress. Still, Chrome takes a
less aggressive stance than
On Tue, Nov 3, 2009 at 12:54 AM, Mike Hearn mh.in.engl...@gmail.com wrote:
Yeah, I understood :) I haven't seen much discussion of these issues
so figured I'd try and start some - perhaps a lurker would be
motivated to work on it. Or maybe the Chrome team in a later release.
We had a lot of
+CC Ian Fette, our security PM.
None of the issues you raise are new; we've considered them for a couple of
years.
In general I agree that positive security indicators are designed around the
idea that users should be alarmed by something's _absence_, which doesn't
work well with how people
I do think our host-versus-everything-else coloring in the address bar helps
with phishing URLs even if users can't articulate what the different colored
sections are.
Would this be a good time to revisit this issue:
http://code.google.com/p/chromium/issues/detail?id=1971
Both Firefox and
On Mon, Nov 2, 2009 at 1:10 PM, John Munro ghost...@gmail.com wrote:
I do think our host-versus-everything-else coloring in the address bar
helps
with phishing URLs even if users can't articulate what the different
colored
sections are.
Would this be a good time to revisit this issue:
On Mon, Nov 2, 2009 at 11:23 AM, Mike Hearn mh.in.engl...@gmail.com wrote:
- Use of cheap negative trust indicators, for instance if a page
matches the regex Bank of America and is not the well known site a
small bar or bubble could appear that says This website is not owned
by Bank of
The malware and phishing system does a pretty good job of detecting
phishing sites like this, which we get notified of via SafeBrowsing
SafeBrowsing is a great system, but it ultimately relies on savvy
users telling us that a site is phishing. Some scams are sufficiently
good that the majority
On Mon, Nov 2, 2009 at 2:28 PM, Mike Hearn mh.in.engl...@gmail.com wrote:
I disagree that the padlock animation would be adding visual noise,
I wasn't commenting about the animation, rather the presence of an indicator
on normal sites.
PK
--~--~-~--~~~---~--~~
[repost with my actual signup address]
Ah, I see. Yeah, I agree, that would clutter Chrome a bit.
I'm not sure what direction to look in then. Things like SafeBrowsing
suffer from the imperfect protection problem, but they are still worth
doing. Only showing indicators when the site
On Mon, Nov 2, 2009 at 11:23 AM, Mike Hearn mh.in.engl...@gmail.com wrote:
I'm concerned about the way Chromium displays SSL security indicators,
which this blog post reminded me about:
http://chrome.blogspot.com/2009/10/are-you-seeing-red.html
There have been a few studies of SSL
I now have a new response ready for the next click to select all thread:
the best way to make your case is to write an academic paper and
conduct a user study that shows how the new UI out-performs the
current UI.
-- Evan Stade
--~--~-~--~~~---~--~~
Chromium
I'm sorry if my email came off as dismissive. I really would like to
see some serious study of user interfaces for certificate errors. I
think everyone agrees that the current designs can be improved. We
even know how to measure success (e.g.,
14 matches
Mail list logo
