Re: Opera's three security levels

On 27-Nov-06, at 10:45 AM, Amir Herzberg wrote:

> Browser security should make it harder for spoofers/phishers to  
> trick users into believing false site identification. The challenge  
> is that users look mostly at the content of the site, which can  
> present fake identification (tokens, etc.). Same for email... Which  
> is why identification indicators, like the secure letterhead (or  
> TrustBar, or PetName...) are useful.

I can't let an opportunity to sing my usual song go by, and I can't  
remember if I've sung it lately, so here it goes:

Why not create indicators of *in*security and *non*-trusted  
identification instead of indicators of security? Recent studies on  
user behaviour show that many users don't look for indicators of  
security, and those who do are easily fooled by simple spoofing  
techniques[1]. Users are often focused on the task they're trying to  
complete (i.e., "my profile needs to be updated!"), not on checking around  
them for indicators of whether or not the website is "secure".  
Further, training users to look for indications of safety means that  
we need to train them to detect the absence of such signals to infer  
non-safety, which is a harder thing for humans who are predisposed to  
singular evaluation approaches[2].

Phishers and spoofers have had an easier time of things because it is  
easy for them to copy the look and feel of a website, or of browser  
chrome. So instead of giving them indicators which they can copy and  
spoof, why not create indicators which they have no incentive to  
copy? Make the message to the user be "Hey! This isn't safe, don't do  
this", not "You're happy and secure to keep doing what you're doing."  
It also makes it easier for us to put this message in front of users  
at the point of the task. The only design challenge left for us is to  
avoid click-through fatigue (which, sadly, I fear will be exacerbated  
by well-meaning security UI in the upcoming Windows Vista OS release).

cheers,
mike

[1]: "Why Phishing Works", Dhamija, Tygar & Hearst (http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf)
[2]: "Phishing Tips and Techniques", Gutmann (http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf)

Received on Tuesday, 28 November 2006 15:12:07 UTC