Re: Firefox removes UI for site identity

2019-10-23 Thread Paul Walsh via dev-security-policy
On Oct 22, 2019, at 4:49 PM, Matt Palmer via dev-security-policy wrote:
> 
> On Tue, Oct 22, 2019 at 03:35:52PM -0700, Kirk Hall via dev-security-policy 
> wrote:
>> I also have a question for Mozilla on the removal of the EV UI.
> 
> This is a mischaracterisation.  The EV UI has not been removed, it has been
> moved to a new location.

[PW] Technically, I think you are both correct, Matt. Please allow me to provide 
an analogy to explain why I say "removed" instead of "moved".

If an owner puts up a sign in their store window that says “we have moved to…” 
customers will know they have “moved”. But if the owner vacates the premises 
without notice, customers will naturally assume it has closed down (i.e. 
removed). A few might go looking for them. But most won’t. 

I personally use the term “removed” because Mozilla hasn’t actually signposted 
the changes anywhere. The original UI and UX was poor, which is why most people 
don’t know the difference between EV and DV icons. Instead of making it better, 
they made it much worse. 

The team didn’t even include the update in the release notes until I brought it 
to their attention. Even then it’s not in plain English - using the term “EV” 
instead of “website identity” just shows how badly they have always 
communicated the meaning of the UI to consumers. But what’s the point in 
debating that? The horse has bolted. 

Mozilla did, however, take great care in educating users about the new tracking 
features and new UI. This only helps to demonstrate that it’s possible to 
educate users about a new feature or UI implementation for identity. But again, 
I digress. So we’ll just keep this as a receipt to prove that browser vendors 
believe it’s possible to train users to look for new visual indicators - 
contrary to what they say about identity information. 

> 
>> So my question to Mozilla is, why did Mozilla post this as a subject on
>> the mozilla.dev.security.policy list if it didn't plan to interact with
>> members of the community who took the time to post responses?
> 
> What leads you to believe that Mozilla didn't plan to interact with members
> of the community?  It is entirely plausible that if any useful responses
> that warranted interaction were made, interaction would have occurred.
> 
> I don't believe that Mozilla is obliged to respond to people who have
> nothing useful to contribute, and who don't accurately describe the change
> being made.

[PW] I agree and disagree. I agree, because Mozilla is not obliged to do 
anything it doesn’t want to do. It’s not obliged to engage with the community. 
It’s not obliged to engage with anyone it doesn’t want to. 

I disagree because no company, especially an open-source, community-driven 
foundation, should make changes that upset important stakeholders. Aside from 
the bad karma, it is poor product management. Perhaps the lack of community 
engagement in recent times is part of the reason for losing market share? Who 
knows. Either way it can be made better. I personally love the brand and what 
it stands for.

> 
>> This issue started with a posting by Mozilla on August 12, but despite 237
>> subsequent postings from many members of the Mozilla community, I don't
>> think Mozilla staff ever responded to anything or anyone - not to explain
>> or justify the decision, not to argue.  Just silence.
> 
> I think the decision was explained and justified in the initial
> announcement.  No information that contradicted the provided justification
> was presented, so I don't see what argument was required.

[PW] This is not a good way to build a product. I and many others called 
Mozilla out for making poor decisions around its OS and mobile browser 
strategies (lack of). So it’s possible for browser vendors to get big things 
very wrong. 

> 
>> In the future, if Mozilla has already made up its mind and is not
>> interested in hearing back from the community, it might be better NOT to
>> start a discussion on the list soliciting feedback.
> 
> Soliciting feedback and hearing back from the community does not require
> response from Mozilla, merely reading.  Do you have any evidence that
> Mozilla staff did not, in fact, read the feedback that was given?

[PW] If true, this is no longer the Mozilla that my team contributed to. As one 
of the first 50 contributors to Mozilla, my COO helped to build the Firefox 
developer evangelist community and he built spreadfirefox.com - my engineers 
contributed to Firefox code too. I don’t ever recall witnessing anyone use the 
words you chose to describe how the team should behave. Perhaps your words 
reflect current thinking… 

- Paul

> 
> - Matt
> 
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy


Re: Firefox removes UI for site identity

2019-10-23 Thread Jakob Bohm via dev-security-policy

On 23/10/2019 01:49, Matt Palmer wrote:
> On Tue, Oct 22, 2019 at 03:35:52PM -0700, Kirk Hall via dev-security-policy
> wrote:
>> I also have a question for Mozilla on the removal of the EV UI.
>
> This is a mischaracterisation.  The EV UI has not been removed, it has been
> moved to a new location.

It was moved entirely off screen, and replaced with very subtle
differences in the contents of a pop-up.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: Firefox removes UI for site identity

2019-10-23 Thread Phillip Hallam-Baker via dev-security-policy
On Tue, Oct 22, 2019 at 7:49 PM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> On Tue, Oct 22, 2019 at 03:35:52PM -0700, Kirk Hall via
> dev-security-policy wrote:
> > I also have a question for Mozilla on the removal of the EV UI.
>
> This is a mischaracterisation.  The EV UI has not been removed, it has been
> moved to a new location.
>
> > So my question to Mozilla is, why did Mozilla post this as a subject on
> > the mozilla.dev.security.policy list if it didn't plan to interact with
> > members of the community who took the time to post responses?
>
> What leads you to believe that Mozilla didn't plan to interact with members
> of the community?  It is entirely plausible that if any useful responses
> that warranted interaction were made, interaction would have occurred.
>
> I don't believe that Mozilla is obliged to respond to people who have
> nothing useful to contribute, and who don't accurately describe the change
> being made.
>
> > This issue started with a posting by Mozilla on August 12, but despite 237
> > subsequent postings from many members of the Mozilla community, I don't
> > think Mozilla staff ever responded to anything or anyone - not to explain
> > or justify the decision, not to argue.  Just silence.
>
> I think the decision was explained and justified in the initial
> announcement.  No information that contradicted the provided justification
> was presented, so I don't see what argument was required.
>
> > In the future, if Mozilla has already made up its mind and is not
> > interested in hearing back from the community, it might be better NOT to
> > start a discussion on the list soliciting feedback.
>
> Soliciting feedback and hearing back from the community does not require
> response from Mozilla, merely reading.  Do you have any evidence that
> Mozilla staff did not, in fact, read the feedback that was given?
>

If you are representing yourselves as having an open process, the lack of
response on the list does undermine that claim. The lack of interaction on
that particular topic actually speaks volumes.

Both parties in Congress have already signalled that they intend to go
after 'big tech'. Security is an obvious issue to focus on. While it is
unlikely Mozilla will be a target of those discussions, Google certainly is
and one employee in particular.

This is the point at which the smart people are going to lawyer up.