Closed Bug 303004 Opened 19 years ago Closed 4 years ago

Educate people about the yellow location bar

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: bugs, Unassigned)

Details

Currently, the default state in Firefox is to show secure site warnings once,
which contain a checkbox like this:

[ ] always notify me when going to/from a secure site

which is default unchecked... This means they will never again see this UI. The
yellow location bar makes the secureness of a site more obvious, but still a lot
of people don't know what this means. 

What we could do:

When the user dismisses the secure site dialog, show a one time educational
dialog that contains a picture of the yellow location bar, the lock, etc. Tell
them not to buy anything online unless the location bar looks like that.
I'd like to do more with visual momentum in the future, where we have dialogs
appear/disappear in ways that give users cues about where the related status
information lives in the UI.

This seems like a prime candidate: the going to/from secure site dialog could
both appear and disappear down to the lock, and perhaps even include a little
screenshot of a yellow URL bar and lock thingie, with text saying:

"As indicated by in the location bar, you've gone [to|from] a secure site
[to|from] an insecure one. Firefox will always indicate that you're browsing a
secure site by turning the location bar yellow and showing a lock.

  [  ] Always show this notification"

Also, this makes it all a single dialog pop up; I think having a dialog pop up
immediately after another is dismissed is the kind of annoyance we should stay
away from.
Like this:

When entering a high grade encryption page:

You are about to enter a page using high grade (128 bit or more) encryption.  Information you send or receive over a high grade encrypted connection is extremely difficult for a unauthorized user to intercept.  


When entering a low grade encryption page:

You are about to enter a page using low grade (64 bit or less) encryption.  Information you send or receive over a low grade encrypted connection is moderately difficult for a unauthorized user to intercept.  It is recommended that you use a high grade encrypted connection to transfer private or sensitive information.

Will finish later...


Updated mockups of potencial notification dialogs.

When entering a encrypted page:

You are about to enter a page using encryption. 
This makes it very difficult for unauthorized people to view information you send and receive on this page.  The location bar will always turn yellow and contain a padlock icon to tell you that you are viewing an encrypted page, like this:

[screenshot of yellow location bar with padlock here]

Additionally, this identity of this website has been verified by a trusted certificate authority, [name of certificate autority here].

[X] Don't show this message again.

                                     [OK] 

When entering a low grade encrypted page:

You are about to enter a page using low grade (40 bit) encryption. 
This makes moderately difficult for unauthorized people to view information you send and receive on this page.  The location bar will always turn yellow and contain a padlock icon to tell you that you are viewing an encrypted page, like this:

[screenshot of yellow location bar with padlock here]

Additionally, this identity of this website has been verified by a trusted certificate authority, [name of certificate autority here].

[X] Don't show this message again.

                                     [OK] 

When sending information over an unencrypted connection:

You are about to send information over an unencypted connection and could be easily read by a third party.  It is recommended that you send sensitive or confidential information (e.g. credit card numbers) using a encrypted connection.  Encryption makes it difficult for unauthorized people to view information transfered between computers.

[X] Don't show this message again.

                              [Continue]  [Cancel] 





When leaving a encrypted page:

You are about to leave an encrypted page for an unencrypted one.  The information you send and receive from now on could be easily viewed by a third party.  It is recommended that you send sensitive or
confidential information (e.g. credit card numbers) using a encrypted
connection.  Encryption makes it difficult for unauthorized people to view
information transfered between computers.

[X] Don't show this message again.

                                     [OK]
Assignee: bugs → nobody
Now that the yellow location bar is about to go away, the description of this bug should be changed to refer to the sire identity button.
Moving to Security...
Severity: normal → enhancement
Component: General → Security
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.