Anyway, you may, or may not, nitpick about the used text and what not, but a fact is a fact, this works for MultiZilla users, but what do you think about this?
So this is an implementation of "New Site", from http://www.gerv.net/security/phishing-browser-defences.html#new-site ?
If so, that's great :-) However, I have a few comments on the implementation:
- The text used to explain the feature isn't at all clear to average users. What is an "encrypted security key"? What does it mean if it's missing? The message bar doesn't say.
- IMO, there's no need for preferences for this stuff. Firefox isn't going to have UI for an IDN preference, or a "display as punycode" preference.
- The explanatory text in the popup is too verbose.
- I don't think it's necessary to involve the whole "Master Password" thing. Most users don't use them anyway. A "hashed SSL domain history" is even less privacy-invading than keeping a cache of SSL certificates, which is a fairly uncontentious thing for a browser to do.
Did you consider adopting the UI suggestions in my paper?
Gerv _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
