On 2/5/2024 2:08 PM, Jim Fenton wrote:
On 5 Feb 2024, at 14:02, Dave Crocker wrote:
On 2/5/2024 1:56 PM, Jim Fenton wrote:
And you will also provide citations to refereed research about what you just
asserted as well, yes?
Ahh, you want me to prove the negative. That's not exactly how these things go.
You said that the URL lock symbol failed. Asking for research to back that up
is not asking for you to prove the negative.
Ahh. Defending by attacking. Nice.
But actually, given what I said, yes it is being asked to prove the
negative.
I said it's been a failure. Failure means that after many years, it has
not been a success. Were the symbol successful, we'd see reductions in
user understanding, awareness and resistance abuse.
Do we have serious data that it has been? If so, where is it? Do we
even have an anecdotal sense of widespread utility? I think not.
But wait. There's more...
All of the following are strong indicators of failure:
/"In our study, we asked a cross-section
<https://techxplore.com/tags/cross+section/> of 528 web users
<https://techxplore.com/tags/web+users/>, aged between 18 and 86
years of age, a number of questions about the internet. Some 53% of
them held a bachelor's degree or above and 22% had a college
certificate, while the remainder had no further education. /
/One of our questions was, "On the Google Chrome browser bar, do you
know what the padlock icon represents/means?" /
/Of the 463 who responded, 63% stated they knew, or thought they
knew, what the padlock symbol on their web browser meant, but only
7% gave the correct meaning."/
https://techxplore.com/news/2023-11-idea-padlock-icon-internet-browser.html
https://www.nextgov.com/cybersecurity/2019/06/fbi-warning-lock-icon-doesnt-mean-website-safe/157629/
/'In an alert published Monday
<https://www.ic3.gov/media/2019/190610.aspx>, the bureau’s Internet
Crime Complaint Center, or IC3, warned that scammers are using the
public’s trust in website certificates as part of phishing campaigns./
/“The presence of ‘https’ and the lock icon are supposed to indicate
the web traffic is encrypted and that visitors can share data
safely,” the bureau wrote in the alert. “Unfortunately, cyber
criminals are banking on the public’s trust of ‘https’ and the lock
icon.” '/
https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-the-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581
https://www.sciencealert.com/theres-a-tiny-icon-on-your-screen-but-almost-nobody-knows-why
https://www.theverge.com/2023/5/3/23709498/google-chrome-lock-icon-web-browser-https-security-update-redesign
https://www.howtogeek.com/890033/google-chrome-is-ditching-the-lock-icon-for-websites/
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim