W3C home > Mailing lists > Public > www-tag@w3.org > January 2012

Re: HTML5 proposes introduction of new family of URI schemes

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 24 Jan 2012 02:52:02 +0100
To: Robin Berjon <robin@berjon.com>
Cc: David Booth <david@dbooth.org>, "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <4v0sh7th8u2b1r7r4lrmu2h6cdnnko80sf@hive.bjoern.hoehrmann.de>
* Robin Berjon wrote:
>Whether this is sufficient security is an excellent question. My primary
>concern has to do with how to remove that handler, once installed. In
>Firefox you have to dig down in the "Application" section of your
>settings, and search for the scheme. Not exactly friendly. In Chrome, I
>couldn't figure out what to do. (Other browsers I tried didn't seem to
>accept the registration in the first place anyway.)

With this concern you are fairly close to being concerned about which
words to use in a text illiterate people need to read. They can learn
to read and you can optimize a text towards being easy to understand
for people who only recently started to learn reading, but for many it
is much easier, more comfortable, whatever you may call it, to adapt.

Somehow the browser home page changes from Duck Duck Go search to some
$NeverHeardOf malware spitting spyware site, well, so long as it kinda
works like Duck Duck Go search, they will just deal with that. It does
not occur to some people that if things have changed, and they did not
direct that change, that they should investigate to understand what's
changed and how to undo it; and when things get bad enough that they'd
have that thought, they are very likely to seek out help rather than
try to discover where or how to change things back.

And easier to configure does not necessarily mean the same thing for the
same people. The other day I tried to change Cookie settings in Firefox
and ultimately had to involve a search engine because I could not find
the options for that. Turns out you have to use a dropdown menu and set
it to "Use custom settings for history" to even see "cookie" options. I
don't like having to change settings to uncover more options when there
is no "restore old values" or "restore defaults" option, which in this
case did not exist, bad UI if you ask me, and "history" is not "cookies"
(more bad UI if you ask me), but that is how things turn out to be.

So, drop the "security" moniker? It's more like finding a balance be-
tween making things convenient for power users while limiting abuse of,
well, I would call them illiterate, but it's more like "casual users"
and "beginners". Now, excuse me while I uncheck the "Yes, install McAfee
Security Scan Plus" option while I download the 3.59 MB Flash Player,
that turns out to be only 758 KB, and then turns out to be not actually
a Flash Player but an installer, all while being careful that it doesn't
install Google Chrome or the Google Toolbar or some such thing. Looking
forward to the next security advisory and do it all over. (Actually, I
did so while writing, and despite mentioning it, failed to uncheck the
McAfee option and had to abort, thankfully that was possible, the in-
stallation mid-way; glad this is a virtual machine and not some real
system I am working with).
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 24 January 2012 01:52:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:44 GMT