Re: Opera's three security levels

> So to answer your question, No, we don't have explicit actionable
> advice associated with each of the levels. I don't see how we
> could, practically, associate specific guidance with each of them.
> The expectation is basically that you'll use the numbered security
> level as another data point (along with other security context
> information) in making a decision about the degree of confidence
> you want to have sharing personal information with the site.

Thanks Mike. I don't think that matches any practical or realistic user 
model for the majority of users. That's one of the problems with security 
indicators; users haven't got a clue what to do with them. Having the 
indicators can be better than not having them, but only if there is some 
model of how to use them. There are studies that show that user's don't 
"think about" trust and security (Martiza and I need to get cracking on 
that annotated list; we've got a draft in email that I'll push out to the 
wiki). So having a model that assumes they will isn't enough.

What might be enough is to use this information with other browser history 
to flag things like
1) discontinuities (particularly downward) for a particular site, or
2) categories and trends and recommendations (can we use the semantic web 
to tag site types, then say things like "the financial sites you've 
visited in the past all have tip-top security; this one claims to be 
financial but has mediocre security; beware"). 

        Mez

Received on Friday, 24 November 2006 15:36:13 UTC