I've noticed that secure sites no longer make the address bar yellow in firefox 3 for mac. Is this just a bug with me or have others noticed this? Is this intentional?
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9pre) Gecko/2008032904 Minefield/3.0pre
Adblock Plus 0.7.5.3
Yellow bar for secure sites missing from Firefox 3 for Mac?
-
chrisslattery
- Posts: 4
- Joined: September 23rd, 2006, 4:12 am
-
a;skdjfajf;ak
- Posts: 17002
- Joined: July 10th, 2004, 8:44 am
-
BernG
- Posts: 60
- Joined: January 22nd, 2008, 3:57 pm
pytechd wrote:how was a bright yellow bar "working too well," BernG? I can't imagine the logic behind removing this feature.. it's a large visual target. The site info panel (Larry) is a TINY target in comparison.
Sigh.
What I meant is since it worked so well, well then remove it and replace it with something that is harder to notice; which does not work as well.
-
Canyonero
- Posts: 1407
- Joined: April 25th, 2003, 11:02 pm
pytechd wrote:how was a bright yellow bar "working too well," BernG? I can't imagine the logic behind removing this feature.. it's a large visual target. The site info panel (Larry) is a TINY target in comparison.
I thought the old idea was that the yellow was basically playing to users "dumbness". Its yellow. It must be secure. I thought the original idea was to get rid of it entirely and to develop UI concepts that explained better what was going on (the popup at least gives some info about what's known about the site/encryption). At least, I'd like that. I don't see any discussion about that in the bug though. Just a few comments about how textboxes shouldn't be changing colors. Weird.
-
BernG
- Posts: 60
- Joined: January 22nd, 2008, 3:57 pm
Canyonero wrote:I thought the old idea was that the yellow was basically playing to users "dumbness". Its yellow. It must be secure. I thought the original idea was to get rid of it entirely and to develop UI concepts that explained better what was going on (the popup at least gives some info about what's known about the site/encryption). At least, I'd like that. I don't see any discussion about that in the bug though. Just a few comments about how textboxes shouldn't be changing colors. Weird.
The average use couldn't care less about some "explanation." All they want to see is if the site is secure or not. I really don't think they care if its VeriSign or someone else verifying it.
-
KrisSilver
- Posts: 63
- Joined: February 2nd, 2008, 4:38 am
I'd advise reading the bug and research this further before making a full judgement.
A key reason for moving away from the yellow url bar, is even for the users whom do recognise it, they're recognising it as secure right? Ok, good you say. Not so good when it doesn't really consider so well, what exactly they're securely connected to, and whether it's a "secure safe site". Log into www.Paypal.com and you'll see a fairly similar green bar is present, with a focus on the favicon site icon, demonstrating the specific sites connection is secure and verified as reputable.
A key reason for moving away from the yellow url bar, is even for the users whom do recognise it, they're recognising it as secure right? Ok, good you say. Not so good when it doesn't really consider so well, what exactly they're securely connected to, and whether it's a "secure safe site". Log into www.Paypal.com and you'll see a fairly similar green bar is present, with a focus on the favicon site icon, demonstrating the specific sites connection is secure and verified as reputable.
-
Asherian
- Posts: 33
- Joined: January 28th, 2008, 8:13 am
This is simply a silly move.
Unless it's got the extended verisign stuff (green), I don't even notice when it's a secure site anymore. And the only reason I notice that is the color is BIGGER. There's a tiny bit of the favicon background that's blue, but on my high resolution monitor you literally need to LOOK at it to see it. It should be something you can see instantly with peripheral vision.
This is a huge step backwards, and they will get TONS of flak for this in the press (rightfully so). The icon is just too tiny to be noticable now, and it's in an unintuitive spot. Why should the average user know or assume blue background of icon = secure?
This is just bizarre. The bug is also like the twilight zone, and as clear a case of irrational groupthink as I've ever seen. This is like New Coke all over again...Bring back Coke Classic!
Unless it's got the extended verisign stuff (green), I don't even notice when it's a secure site anymore. And the only reason I notice that is the color is BIGGER. There's a tiny bit of the favicon background that's blue, but on my high resolution monitor you literally need to LOOK at it to see it. It should be something you can see instantly with peripheral vision.
This is a huge step backwards, and they will get TONS of flak for this in the press (rightfully so). The icon is just too tiny to be noticable now, and it's in an unintuitive spot. Why should the average user know or assume blue background of icon = secure?
This is just bizarre. The bug is also like the twilight zone, and as clear a case of irrational groupthink as I've ever seen. This is like New Coke all over again...Bring back Coke Classic!
-
Helico
- Posts: 115
- Joined: September 11th, 2006, 5:44 pm
There is a need for a change, the new system is essential and better. People used to think "lock + gold" = safe, secure. But, when people want to steal your funds or identity, they do it overwhelmingly in one of three ways - 1. by phishing, making a fake site that you enter your info to or 2. by hacking the server or the dumpster of the company that holds many people's info, or 3. keyloggers, which can steal your info even if you are on a secure site because they get it directly from the keyboard.
Intercepting your personal web browsing, the case that is helped by https instead of http, is just not commonly used as a way to steal your info. The other ways are.
And, here is the *big deal* that you don't seem to be getting. Any clown with some money or a fake credit card can buy a certificate and run an https website. When you click on a link in an email and go to his site, it would have shown up with the lock and the gold.
Gold does not equal safe, when any phishing site can get the gold by buying a cert.
What makes a site safe(r) is belonging to the company you think it belongs to. To see if a site it safe, you need to see if the name on the https certificate is the correct name of the company. And, the certificate provider has to be checking those names for authenticity. A site with gold is only safe if you check the name to see if it matches. The big green bar you get on Paypal that says "paypal", that is what we are trying to encourage. Green is used in IE7, green to people means "go", "all is ok", etc.
The tiny blue icon is not bold and green because unless you click on it, it does not indicate safety.
Intercepting your personal web browsing, the case that is helped by https instead of http, is just not commonly used as a way to steal your info. The other ways are.
And, here is the *big deal* that you don't seem to be getting. Any clown with some money or a fake credit card can buy a certificate and run an https website. When you click on a link in an email and go to his site, it would have shown up with the lock and the gold.
Gold does not equal safe, when any phishing site can get the gold by buying a cert.
What makes a site safe(r) is belonging to the company you think it belongs to. To see if a site it safe, you need to see if the name on the https certificate is the correct name of the company. And, the certificate provider has to be checking those names for authenticity. A site with gold is only safe if you check the name to see if it matches. The big green bar you get on Paypal that says "paypal", that is what we are trying to encourage. Green is used in IE7, green to people means "go", "all is ok", etc.
The tiny blue icon is not bold and green because unless you click on it, it does not indicate safety.