On Thu, Dec 11, 2014 at 12:56 PM, <[email protected]> wrote: > No one is going to opt-out, either. I already feel like a criminal opting-out > of the huge "invalid SSL certificate" warnings
For what it's worth, we know that the "invalid SSL cert" warning is triggered by attackers trying to hack people's network traffic. I.e. it's not just an annoyance which you, or anyone else, should just ignore and click through. In some cases the warning comes up when nothing bad is about to happen and everything actually is safe, but that's not always the case. The same thing applies to the malware warnings that we put up on various websites. My point is that things aren't as clear cut here. It's not the case that user's only ever navigate to places that they intend to, and that are safe. Nor is it the case that the browser always knows with certainty when something is bad. That said, there are many many bad ways of implementing these types of "protections". But I would not assume that mozilla would use any of those until I see evidence of otherwise. Rather than guessing what mozilla may or may not do based on the comments of someone that is not part of the mozilla community, it'd be better to try to get some facts. / Jonas _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
