On Thu, Dec 14, 2017 at 3:31 PM Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> I have several questions for the community to ponder: > > 1. If a technologically detectable and authenticatable indicator that a > site was "measurably more trustworthy than the general case for the purpose > of engagement in commerce", would that merit a browser UI indicator of some > form? Specifically a browser initiated UI element, such that the target > website itself could not simulate or emulate the indicator in a compelling > way. No. As a rhetorical framing though, I’m not sure it’s a productive avenue. There are a number of inherent assumptions and flaws even in the framing of this that it ultimately prevents meaningful discussion. Your second question embodies this in its presumption of a solution, while also being inherently tied to encouraging opinions without data. I dislike the inherent framing as UI as somehow a consensus driven approach, but if I were to encourage you with more productive questions: 1) Do positive indicators improve compliance? There’s ample HCI and usability research on that, so perhaps that’s a good starting point in unpacking some of your assumptions captured in the question. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
