On 12/18/2014 12:14 PM, Gervase Markham wrote: > I wonder whether we could make a start by marking non-secure origins in > a neutral way, as a step forward from not marking them at all. Straw-man > proposal for Firefox: replace the current greyed-out globe which appears > where the lock otherwise is with a black eye icon. When clicked, instead > of saying: > > "This website does not supply identity information. > > Your connection to this website is not encrypted." > > it has a larger eye icon, and says something like: > > "This web page was transferred over a non-secure connection, which means > that the information could have been (was probably?!) intercepted and > read by a third party while in transit." I like this change. Four proposed fine-tunings: A) i don't think we should remove "This website does not supply identity information" -- but maybe replace it with "The identity of this site is unconfirmed" or "The true identity of this site is unknown" B) snooping isn't the only issue -- modification is as well. Maybe the updated statement can mention that the web page could have been modified in transit as well. C) if there was a way to ensure that the user knows we're talking about the data they sent as well as the data they're looking at that would be good too. D) "a third party" is both legalistic and singular. there could be multiple parties tapping the line. what about just "others"? Here's my attempt at resolving these, fwiw: ------- The true identity of this site is unknown. This web page was transferred over a non-secure connection, which means that the page and any information you sent to it could have been read or modified by others while in transit. ------- --dkg
Received on Thursday, 18 December 2014 22:11:28 UTC