- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Mon, 13 Apr 2015 13:34:32 +1200
- To: ietf-http-wg@w3.org

On 12/04/2015 9:23 p.m., Glen wrote:
> That's a good point. However, at the end of the day, what one person
> thinks is confidential may not be the same to somebody else.
>
> Silly examples:
>
> - I'm searching about some embarrassing illness, and I don't realize
> that someone may be tracking this information.
> - I'm submitting my CV from my current work place, who monitor traffic,
> and I don't want them to find out.
>
> Without a warning you may not think about this.
>
> Yes, passwords, CC numbers, ID numbers, etc. are more private, but where
> do you draw the line? What about my physical address?
>
> At a *minimum*, this type of warning should be displayed when submitting
> a form that contains a password field. Unfortunately, there are no
> built-in input fields for other types of private data, and checking for
> common labels might not be that easy or effective.
>
> Yes, many people will hit "ignore" without even reading the prompt, but
> you can never control that, and if their information is compromised,
> it's their fault entirely.

Yes you/we can control that.

Easily understood message(s) occurring rarely get read and decided on.

Frequently occurring obscure message gets a rote-learned "go away" response.

There are now 2 generations of users out there with decades of training
to click-away the TLS warning messages (and any other message that looks
similar) and malware authors are already taking advantage of that on a
large scale.

Amos

Received on Monday, 13 April 2015 01:35:19 UTC