> On Oct 28, 2019, at 3:39 PM, Wayne Thayer <wtha...@mozilla.com> wrote: > > Hi Paul, > > On Mon, Oct 28, 2019 at 2:41 PM Paul Walsh via dev-security-policy > <email@example.com > <mailto:firstname.lastname@example.org>> wrote: > > [PW] So you dislike Mozilla’s implementation for the tracker icon in the > address bar? When you update to 70.0 you’re prompted with an educational-type > pop-out to draw your attention to the visual indicator. Do you think that’s a > bad idea? Do you think users should just know how to use browser software? > > > This repeated comparison of the EV indicator to the privacy shield is apples > to orangutans. The security and privacy of a Firefox user doesn't depend on > them interacting with the privacy shield. If a user never notices the privacy > shield, that user will be as secure as one who examines it on every page > load. It follows that there is no need for users to be properly trained to > interact with the privacy shield to protect themselves. This gets to the root > of the problem with the EV UI as a positive security indicator.
[PW] Good point in regards to the fact that users are better protected even if they’re not aware of it. If you believe the visual indicator has little or no value why did you add it? Also, Mozilla has not conducted, or referenced recent research to prove that well designed UI can't work. Only that previous implementations didn’t work. There’s no need to do that as we are on in agreement on this point. - Paul > > - Wayne _______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy