Closed Bug 308793 Opened 19 years ago Closed 14 years ago

Improve secure state icon for better user feedback on security

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: amcsleite, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6


   More and more users use  high security sites to handle bank accounts and
eCommerce. Since most of users tend to use the same sites regularly I believe
the feature described below would contribute to prevent phishing and other
problems by giving a clear visual feedback of the secure state.

It works as follows:

- first allow users to list their secure sites somewhere in Options/Preferences
or on a special bookmark folder.
- second when a user browses to one of those sites an icon would appear
indicating  the 'quality’ of the connection according to the list below list:


1 - dangerous case – something is pretending to be a site on my list (show
something RED)
2 - non listed http site  (no icon / or neutral icon)
3 - non listed https site but certificate not ok (yellow icon)
4 - non listed https site (usual golden secure icon)
5 - https site is on my list and certificate is ok (green icon or better)

The icon would be placed on the address line like the RSS icon on FireFox 1.5
Beta. If possible on the left side.

AL


Reproducible: Always
This would :
1. require extra UI (in Options)
2. require Joe user to understand the differences between all the different
icons in the location bar.
3. still give anyone an option to add non-secure sites to a trusted-site list.

The idea isn't that bad... but i doubt non-geeks , or people that click OK on
anything that pops up, would ever look at it.



That "list their secure sites somewhere" part looks a lot like the Zone-concept
in Internet Exploder (f.i. bug 282231)
All you have to tell to the non-geek is:

If you are going to do your payments and  the icon is not Green you STOP !

All other cases are very bad.

AL
See also Core bug 282316.
There is one case not yet sufficiently covered by FireFox 3:

If you in the current FireFox 3 clear the history then a site is shown green and marked as never visited (double click on URL > click 'More information' button to check)
 
   To solve that inconsistency plus add security the green color should be only attributed to a correctly identified site that is also in a bookmark. 

AL


The discussion that took place before and during the implementation of the site identity verification interface (aka Larry) makes me believe this is WONTFIX.
Component: General → Security
QA Contact: general → firefox
Version: unspecified → Trunk
Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE.  Please reopen or file a new bug if you can still reproduce the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.