Created attachment 438260 [details] Weave is not secure During the site identity work of Firefox 3, we decided to move away from using the lock icon as a symbol for SSL because users were interpreting it as meaning "this site is run by good people" as opposed to its actual meaning. However (for reasons that I honestly can't entirely remember) the lock icon was left in the status bar on the far right side. This might have been some form of compromise for lock icon defenders, or maybe we just actually forgot to remove it. Either way, the current presence of the lock icon isn't consistent with how we would like to frame site identity and the concept of security. As a side issue, the lock icon is also now being conflated with the messaging from Weave since it visually groups to the set of Weave UI currently being placed in the status bar. The removal of the lock icon also fits into our overall plans of re-framing the status bar into the "extension bar" which is going to be utilized a lot by jetpack (http://mozillalabs.com/jetpack/2010/04/08/the-single-ui-element/ ) but will also of course be great real estate for standard Firefox extensions.
bug 480357 -> add domain for SSL to favicon area bug 483950 -> remove now redundant domain for SSL from status bar bug 493010 -> remove code for showing domain for SSL in status bar (In reply to comment #0) > However (for reasons that I honestly can't entirely remember) the lock icon was > left in the status bar on the far right side. (Daniel Veditz in bug 483950 comment #12) > Currently without the lock we would have no UI to indicate "mixed" ssl mode > (the slashed lock icon). (Gervase Markham in bug 483950 comment #19) > We could certainly reconsider how we show that; one option would be a yellow > infobar. Another option would be to just silently (well, with Error Console > messages) drop all non-SSL content. I believe IE has been making some changes > in this area recently. (Johnathan Nightingale in bug 483950 comment #20) > That's been on the wishlist for some time - but requires movement on bug 62178 > which is, as they say, a dilly of a pickle. It might be a good idea to create a new icon (not lock related) just to indicate mixed content and only use that but not the lock icon. Sticking it up with the other indicators in the location bar area might be better, though I don't know what would work best for that.
Mixed content is an extremely difficult concept to portray to the user without basically saying GOODBAD! The lock with the exclamation point is meaningless. In the case of mixed content I think we should just fall back to the non-SSL UI, because that's effectively what it is if the parts of content can access each other, right?
Personally I always look around for a lock to be sure that I'm on a secure site before filling in a form. I don't know why I never got used to Blue Larry in more than two years. Maybe because the lock was also there. I even reintroduced the yellow locationbar.
How about adding a third color styling for the favicon + SSL domain area: green for EV, blue for SSL, and then lighter blue/yellow striped for mixed. Additional info would be in the popup on click and an initial explanation would come up on first page view in a notification bar as per Gerv's suggestion. For the record, with the lock removed from the status bar there'd still be a lock icon in use, just only in the popup on clicking the security indicator box.
>the lock removed from the status bar there'd still be a >lock icon in use, just only in the popup on clicking the security indicator >box. Right, but in that case the text makes it pretty clear that the lock applies to the connection itself, and not to the site that you are connected to (connection encrypted, no eavesdropping, etc.) which is what we want the lock to describe. There is also the security tab in Page Info, but that gets a lot less traffic as a very secondary interface.
Yes, exactly. It's much better than the status bar lock icon which pretty much explains nothing. Many people are "used to it", but it's basically like confiscating nail clippers at the airport: it just makes people _feel_ safe.
Google Chrome has the yellow locationbar and the lock. Opera has the lock and a *yellow* button. IE has the lock. The language of the lock + yellow seems universal.
Personally, I'd feel much happier if we got bug 62178 tucked away, so that this issue largely disappeared in the standard path, and we didn't have to wring our hands quite so much about how to communicate this concept to non-technical users. Honza - I know it's been a while, and you're regaining use of your hands - having said that, any chance of an update on that bug?
(In reply to comment #8) > Personally, I'd feel much happier if we got bug 62178 tucked away > Honza - any chance of an update on that bug? It is on my very top of todo list along with another very important security bug. I have a concept and ideas to code it. It's also important for e10s, so there is a high motivation.
Thanks, Honza. Alex - in a world where Honza fixes mixed content handling so that, in the default case (pref-controlled) we just quietly drop non-ssl content, I absolutely think removing the lock from the status bar is the right thing to do. If I can have my druthers here, though, I'd rather we fix the mixed content problem *before* removing the mixed content signal, if only because your keenness to do so will keep attention on bug 62178. :)
I agree that that is definitely the ideal case. I'm not sure the current mixed SSL indicator is really achieving it's current objective, so I would be in favor of removing the lock icon either way.
The bug 62178 route would be great; I'll stick in the dependency for now. If it's not doable by the next major release an interim compromise of replacing the lock with something at least better could be done.
The loss of the lock icon is being noticed by Firefox 4.0b7 users, and they are complaining about it being gone. Regardless of how informative or not the "lock" was, it is something that users expect in a web browser when they are making what they perceive is a secure connection. Regarding comment 7 in this Bug report, the new Opera 11 beta has moved the "lock" from the right-side of URL bar and now it replaces the site identity icon (Favicon) with a "lock" in their version of "Larry" - site identity information. http://my.opera.com/desktopteam/blog/2010/11/17/new-and-improved This implementation of a "lock" in lieu of the website icon on secure connections should be considered by Mozilla to keep their users happy and give them what they expect in a web browser. As to whether a "broken lock" is needed for pages with mixed content, I have no opinion as to whether that should be restored.
Alex Faaborg: Want to close this out now or morph it into finding a way to deal with the mixed content issue? (In reply to comment #13) To reiterate why the lock was a problem: people saw a lock and thought it meant "safe" or "secure" when in fact they could be encrypted to a fraud site which will empty out their bank accounts. It was a poorly used metaphor and the lock icon was phased out for a reason. The lock confused people, which is why it was phased out, and now they're confused by its removal. No placebos; they just cause more confusion. We don't do things just because confused users expect it.
Yeah, as Dave explains the lock icon is universally parsed as "I am safe and all is good" when it in fact it can mean "I have an encrypted connection to criminals." It really doesn't help that a lot of very confused consumer protection information out there that says "do you want to make sure your credit card is safe online? be sure to look for the lock icon!" (as opposed to say, knowing and trusting the party that you are doing business with). We want users to focus their attention and concern on the identity of the site, by using the site identity block. This block changes state based on if we can verify that identity or not, using ssl or ev. Resolving since we don't actually have a status bar anymore.