RFE: Show when user visits new SSL site (anti phishing)
Categories
(Firefox :: Security, enhancement)
Tracking
()
People
(Reporter: s.marshall, Unassigned)
Details
Updated•20 years ago
|
Updated•16 years ago
|
Updated•3 years ago
|
Updated•3 years ago
|
Comment 1•1 year ago
|
||
Closing, because we won't implement this for several reasons. I think the primary reason is that we don't want to show a warning symbol on first view for trustful websites (e.g. paypal.com on first visit). This would also show the warning too many times on small websites. The landscape of https has changed a lot. Most websites use it nowadays.
Shipping an allow-list isn't great either, due to the effect of "picking winners" which is unfair to new players.
There are different mechanisms that help with the fishing aspect. The best one for the user is using a password manager that only autofills passwords with the correct matching url (Firefox password manager or add-ons like Bitwarden do this).
We do also rely on safe-browsing to give a strong signal to users when they visit known fishing-sites.
Nowadays we also highlight the top-level domain to users. So users get a visual hint on what the origin is. Using subdomains for fishing is less effective with that. (e.g. paypal.honestjohn.com).
Thanks anyway for submitting the feature request. It was a good suggestion at the time.
Description
•