Hi, in Firefox 2, the SSL indicator was a yellow background in the address bar. This was replaced by a blue background for the favicon in Firefox 3, quickly followed by also displaying the domain to prevent spoofing in Firefox 3.5. All this time, there was a lock indicator in the status bar that users could be referred to (although in Firefox 3.5, it lost the domain name that had been shown next to the lock in Firefox).
In Firefox 4, the lock indicator was removed together with the status bar. Now, in Firefox 14, the lock returns to the place where the favicon was, banishing the favicon to the tab header. Except for 2010, every year since 2008 has had at least one significant change to the SSL indicator. This means that each time we finally managed to teach users what to look for, that changed. Training users is hard. Training users to look for SSL indicators is even harder, as not only do all browsers use different indicators, they also change all the time. Users trained to ignore locks in the favicon location (due to spoofing) will now need to be re-trained to look and trust just in the place they had been trained not to trust. The damage has already been done, so it is pointless discussing the change or reverting it, that would just cause more chaos. Just please strongly consider to stop changing the SSL indicators ever year. Kind regards, Jan -- Please avoid sending mails, use the group instead. If you really need to send me an e-mail, mention "FROM NG" in the subject line, otherwise my spam filter will delete your mail. Sorry for the inconvenience, thank the spammers... _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
