Re: Is the padlock a page security score?

Timothy Hahn wrote:
> I've been frustrated that we seem to be very willing to do away with the 
> notion because we can't be sure that we could make it "rock solid".

Nobody's dismissed the notion, Tim. The initial objection was to making
this a requirement on browser UI since the value was questionable. My
continued objection is on placing this in primary UI when the meaning of
a single summary statistic isn't at all clear. To date, nobody has
addressed the fact that "80% secure" doesn't mean anything without
clicking through.

What Ian, myself, Johnathan and others have suggested is that we
calculate these security statistics, summarize them in a human
consumable fashion (eg: "Suspicious", "Insecure", "Normal",
"Identified") and only present them when there's something that requires
the user's attention. Going back to the weather analogy, what I'm saying
is that users don't need to see that it's a 72% nice day, they need to
know when there's a tornado warning.

> I've been envisioning such a "score" as more of a "confidence level" - 
> as in "given the information seen, this score calculator has a 80% 
> confidence level in the connection and site you've just landed on".

As mentioned several times, I think that these sorts of confidence
levels aren't easily interpreted by users whose mental model is based on
notions of "safe" and "unsafe". Anytime we think there's something
suspicious, we should say that, and then allow users to learn more about
what, precisely is suspicious. So I'm all for combining a variety of
signals to get a summary statistic, but I don't think we should leave it
up to users to interpret that statistic alone. Those who want to know
more should get the information we have, those who aren't interested
should get our recommendation for action.

I'd also support something that allows a user to tell the UI if it wants
to be more or less paranoid about risk assessments, thus tweaking the
points where we indicate suspicion.

> Further, by allowing a user to pick which "confidence calculator" was 
> used, they could choose one from someone or something ... or even 
> written by themselves.  Ok - this would really be getting into a savvy 
> user, I admit.  But hopefully this gets explains why I think the notion 
> of a "score" could still work and be useful.  Having such separation 
> might also help some organizations deal with whether or not they might 
> be held liable for the scores provided.

Add-ons should always be allowed to add more indicators, change
recommendation levels, etc.

> One other useful discussion over the past day on this topic is the 
> aspect of "change in the score from the last time you were here".  I 
> think this is also quite powerful and shouldn't be overlooked.  A change 
> in score is perhaps more important to point out than the score itself. 
>  (The "drill down" could then itemize the details on what is different).

Yeah, I "liberated" that idea from key continuity management. All credit
where it's due.

> I still feel that giving such things in a "simple cue" (with more "drill 
> down" available) is better than not giving any cues at all.

We agree here. Where we seem to be mismatched is that I don't think
"72%" is any simpler than saying "Threat Level Purple".

cheers,
mike

Received on Friday, 11 January 2008 19:25:41 UTC