Johnathan Nightingale explains why Firefox makes you jump through a series of annoying hoops before it will show you a self-signed web page. As he points out, the jump-through-hoops design is actually old. It is only the number of hoops that has changed in Firefox 3.
The main problem with this design is well known: people are trained to do whatever it takes to get the web page to display. When they finally do land on a malicious page, they do what they always do, and are rewarded with a completely normal-looking bank page where they type in their password as usual.
Here is a better idea:
Show the page without asking questions, but draw it with a weird red glow and a yellow warning. If the user actually enters any kind of information, then show a speech bubble saying that the information could be intercepted. Like this:
If the user then goes ahead and submits the information, show a final warning, then send it.
The big benefits:

- This means they are not trained to override the certificate because that won't usually be necessary to do what they want.
- If a familiar bank page is suddenly annotated with yellow warning bars and red speech bubbles, that will get people's attention. Much more so than having to first click OK to a gobbledygook question. Imagine that: web security that actually has a chance of working ...
- Because the details window would have an override button for people who have to use a self-signed web page on a regular basis.
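The escalation proposed above (show the page annotated, warn on input, warn once more on submit, and let regular users of a self-signed site override per host) can be written down as a small state machine. The following is an added model for illustration, not code from the original post and not Firefox code; the host names, certificate flags and event sequences are constructed.

```javascript
// Added example: a state machine for the proposed certificate-warning
// escalation. Hypothetical model, not browser code.

const STATE = Object.freeze({
  CLEAN: 'clean',                  // trusted cert or overridden host: no decoration
  ANNOTATED: 'annotated',          // page rendered with red glow and yellow warning bar
  BUBBLE: 'bubble',                // user typed into a field: speech-bubble warning
  FINAL_WARNING: 'final-warning',  // user pressed submit: last warning before sending
  SENT: 'sent',                    // form data transmitted
  BLOCKED: 'blocked',              // user backed out at the final warning
});

class WarningPolicy {
  constructor() {
    // Hosts the user accepted via the details window's override button.
    this.overrides = new Set();
  }

  override(host) {
    this.overrides.add(host);
  }

  // Page load: the page is always shown; only the decoration differs.
  onLoad(host, certTrusted) {
    return (certTrusted || this.overrides.has(host)) ? STATE.CLEAN : STATE.ANNOTATED;
  }

  // Typing into a field on an annotated page raises the speech bubble.
  onInput(state) {
    return state === STATE.ANNOTATED ? STATE.BUBBLE : state;
  }

  // Submitting on a clean page just sends; otherwise one final warning.
  onSubmit(state) {
    return state === STATE.CLEAN ? STATE.SENT : STATE.FINAL_WARNING;
  }

  // The final warning is the only point where the user must decide.
  onFinalWarning(state, proceed) {
    if (state !== STATE.FINAL_WARNING) return state;
    return proceed ? STATE.SENT : STATE.BLOCKED;
  }
}

// Replay a constructed sequence of user events and return the state trace.
function runSession(policy, host, certTrusted, events) {
  let state = policy.onLoad(host, certTrusted);
  const trace = [state];
  for (const ev of events) {
    if (ev === 'input') state = policy.onInput(state);
    else if (ev === 'submit') state = policy.onSubmit(state);
    else if (ev === 'proceed') state = policy.onFinalWarning(state, true);
    else if (ev === 'cancel') state = policy.onFinalWarning(state, false);
    else throw new Error(`unknown event: ${ev}`);
    trace.push(state);
  }
  return trace;
}

// Number of points in a trace where the user had to click through a warning.
function warningDecisions(trace) {
  return trace.filter((s) => s === STATE.FINAL_WARNING).length;
}

// Constructed sessions (hypothetical hosts):
const policy = new WarningPolicy();
const bank = runSession(policy, 'bank.example', true, ['input', 'submit']);
const spoof = runSession(policy, 'bank-login.example', false, ['input', 'submit', 'cancel']);
policy.override('intranet.example');
const intranet = runSession(policy, 'intranet.example', false, ['input', 'submit']);
```

A session on a site with a trusted certificate never passes through a warning state, so the user is not trained to click through anything; the untrusted session shows the annotation, the bubble on input and the final warning on submit; the overridden intranet host behaves like a trusted one from then on.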