+CC Ian Fette, our security PM. None of the issues you raise are new; we've considered them for a couple of years.

In general I agree that positive security indicators are designed around the idea that users should be alarmed by something's _absence_, which doesn't work well with how people process things. Unfortunately, the negative security indicators suffer from the problem that they will appear near-constantly and users will quickly tune them out.

My personal opinion is that much of the problem stems from the false conflation of "SSL" and "secure" in past and present browser UIs. I don't think SSL is either comprehensible or relevant enough to users that we should do things like color address bars and display lock icons. Instead, it should be one element in a larger equation of "is this site trustworthy". Note that when you click on the Chrome lock icon we do show you a couple of different pieces of information to help you decide, but this could be better. I applaud Mozilla for having tried to tackle this a bit in their UI. I think it is superior to ours.

On Mon, Nov 2, 2009 at 12:23 PM, Mike Hearn <mh.in.engl...@gmail.com> wrote:
> 3) Use of colored address bars is easily confused with the aesthetic
> choices of the website designer.

The fact that we color our address bar is a continual pet peeve of mine. I have pushed for its removal since its inception. I will happily champion patches to get rid of it. Colored address bars overstate the importance of an HTTPS connection, reduce readability, and confuse people. It's no accident that basically all other vendors have steadily moved away from coloring the whole bar.

> 4) Visual complexity is used as a metric for "how hard it is to copy",
> eg favicons or animations in the web page make things look authentic

This isn't really a point that's relevant to Chrome itself, but to web page authors.

> 5) Many users don't look for security indicators at all and have a
> poor or non-existent understanding of what the elements of a URL mean.

I do think our host-versus-everything-else coloring in the address bar helps with phishing URLs even if users can't articulate what the different colored sections are.

> - Showing some permanent status indicator of "insecurity" that visibly
> changes, eg with a very noticeable animation, when tab status changes.

I believe this will just add visual noise people will tune out.

> - Replacing the entire contents of the URL bar with the organization
> name when an EV cert is present rather than displaying both.

This suffers from a number of problems, especially with editing URLs (there are fixes to make the real URL "magically" appear when you focus the address bar, but they feel gross), as well as obscuring your location on a site.

> - Use of "cheap" negative trust indicators, for instance if a page
> matches the regex "Bank of America" and is not the well known site a
> small bar or bubble could appear that says "This website is not owned
> by Bank of America". This would obviously have a high false positive
> rate, but that's OK because it simply asserts a negative rather than a
> positive.

In addition to the "false positives make users ignore the metric" obvious problems, this implicitly has false negatives since we can't do this for every site on the web and if users grow to trust it they are at higher risk when on pages for which we don't provide this.

Sadly, good UI for security is extremely difficult.

PK

--
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev