- From: Amir Herzberg <herzbea@macs.biu.ac.il>
- Date: Wed, 06 Dec 2006 16:36:38 +0200
- To: "Michael(tm) Smith" <mikes@opera.com>
- CC: public-wsc-wg@w3.org
Michael(tm) Smith wrote:
> George Staikos <staikos@kde.org>, 2006-12-04 16:21 +0000:
>
>> We, the browser developers, have had an ongoing effort to
>> reduce the complexity of indicators and consolidate the
>> decision making process. We don't want users to have to judge
>> if 75% security is good enough, or if they should go for 80%
>> (whatever those mean anyway). We need to have a set of
>> criteria that enable us to make a boolean decision.
>
> Regardless of the complexity of the indicators, it ultimately
> comes down to any given user making a boolean decision to either
> trust a particular site or not.
>
> It seems like the old "as simple as possible, but no simpler"
> adage is relevant here. I'd hope that we don't end up taking a
> task (looking at a set of security data about a given site, and
> evaluating it in order to make a trust decision), and trying to
> oversimplify it.

But users really want just the simple information of whether a site is to be trusted or not, and presenting them with technical details is not helping (most) of them. So we have the dilemma: do we present such information, allowing knowledgeable users to protect themselves (at least in theory), or do we omit it, but then make security and trust decisions for the user?

I think users do not want to make the trust and security decision, but I also don't think that making such a decision should be a browser service. Comparing security of browsers based on the security decisions made by the blacklist services they use makes no sense.

There is an alternative: allow users to pick a security service, like anti-virus, to make such choices. In this way, users can choose a browser based on its quality, and select a (often paid) security and trust service based on its quality.

Best, Amir Herzberg

Received on Wednesday, 6 December 2006 15:05:13 UTC