Open Bug 606234 Opened 14 years ago Updated 2 years ago

Request to show warning or notice accessing secure site over unsecured wireless connection

Categories

(Firefox :: General, enhancement)

Product:
Firefox
Component:
General
Platform:
x86
Windows Vista
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: firstpeterfourten, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10

I would like to see some warning or notice in one of the corners of the browser, and maybe a hideable information bar, that reminds me I'm on an unsecured public wireless network when I try to access a site that has a form for sensitive passwords & information.

While I know I shouldn't e.g. enter bank passwords or other sensitive information while on an unsecured public wireless network, I sometimes forget whether my connection is 'secured' or 'unsecured.'  HTTPS also provides some protection on some sites, but behavioral control is the most effective - and could be even more so with a little reminder from my browser.

Reproducible: Always

Steps to Reproduce:
1. Connect to a public wireless network.
2. Access a website requiring password login or entry of other sensitive data.
3. Send the sensitive data.
Actual Results:  
Anybody within wireless range can pick up the packets and steal your information, particularly on non-https connections.

Expected Results:  
A small notice in the corner and/or information bar, or maybe even something more intrusive (like Firefox's phishing or security warnings) to remind me this wouldn't be the best place or time to conduct that business online.

This might be technically challenging because it requires Firefox to communicate with the OS and find out what network connection it's currently using, and whether that is secured or unsecured.  Be sure that in implementing this, you don't open security holes that would allow attackers to specifically leverage unsecured networks.

The security risks associated with using "secured" wireless networks are not zero, but may be significantly less than on unsecured networks, particularly if the user knows & trusts the set of other people with access to that network.
The notice here could interact with the visual display showing that a website is secure, & who the certificate is registered to.  This can be adapted to some other visual indicator to note the unsecure connection.
Component: Shell Integration → General
QA Contact: shell.integration → general
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.