On 2/14/07, Ben Bucksch <[EMAIL PROTECTED]> wrote:
I still think that showing *only* the second level domain - *not* as
part of the URL, which is technical glibberish for most people - is -
next to bookmarks - the best approach against phishing, even though a
dramatic change in browser UI. I *don't* think that just bolding the URL
is enough.
Interesting. I'd buy that argument, really.
* Show domain very prominently in the middle of the urlbar, so that
even a normal user can't miss it. Not as textfield, but
non-editable, selectable, bold label.
I'd actually keep this in the location bar, but give it a very
button-like UI treatment. That way it also acts as a "snapback" to the
root domain.
* Show the EV cert holder, if available, next to the domain. No
other special treatment of EV.
For EV I was going to suggest that we don't show the domain name, but
instead show the name of the cert holder. So [Paypal, Inc.].
* Keep search field
Yeah, that's not going anyplace soon. ;)
* Remove the urlbar, to avoid clutter. Only in default config, it
will still be available in the toolbar customization.
That's probably also not going anyplace soon, but I think there's a
lot of opportunity to make it more interactive and useful. Direct edit
capabilities need to be there to satisfy a core user set, and also
because, as you learn more about the internet, it turns out direct
edit of the URL field is achingly useful. I think we want to add
functionality to make the URL bar more useful for novices while not
taking away power from pros.
* Put an "open" button to the left of the domain field. Clicking on
it shows the current URL in a textfield (either in dialog url
toolbar), in a way so that the user can easily either edit the URL
or enter a new one.
Or do clever things when the user gestures that they want to enter an
edit mode by moving the mouse, clicking in the text areas, etc.
There are 2 problems with that approach:
* It will make tech guys freak out, they want to see the URL at all
times, but they can customize their toolbar. There is no practical
problem, because clicking on "Open" button and starting to type
takes exactly as many clicks as clicking on urlbar and starting to
type.
As long as the resulting structure looks sort of like a URL, I don't
think you're actually going to see this freakout, actually. I think
you will if you take away their ability to quickly cut, paste, and
edit the URL.
* It will confuse people who want to go to a site by entering the
domain. They'll probably start entering URLs in the search field,
which is not what we want. Trying to recognize the URL/domain may
or may not be always possible, and turns the field a dual-purpose
field which is generally a very, very bad idea for usability and code.
There's been some good evidence recently that shows:
- people type in domain names to the location bar up to 30% of the
time for navigating to a new page
- people type in domain names to search engines to find competitors
or similar businesses.
Anyway, we're into UI design, which I promised myself I wouldn't do in
this forum, but I just find this idea of making the location bar
smarter and more useful so *intriguing*! :)
cheers,
mike
--
/ mike beltzner / phenomenologist / mozilla corporation /
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
