Re: 2 questions

That's a good point. However, at the end of the day, what one person 
thinks is confidential may not be the same to somebody else.

Silly examples:

- I'm searching about some embarrassing illness, and I don't realize 
that someone may be tracking this information.
- I'm submitting my CV from my current workplace, who monitor traffic, 
and I don't want them to find out.

Without a warning you may not think about this.

Yes, passwords, CC numbers, ID numbers, etc. are more private, but where 
do you draw the line? What about my physical address?

At a *minimum*, this type of warning should be displayed when submitting 
a form that contains a password field. Unfortunately, there are no 
built-in input fields for other types of private data, and checking for 
common labels might not be that easy or effective.

Yes, many people will hit "ignore" without even reading the prompt, but 
you can never control that, and if their information is compromised, 
it's their fault entirely.

They could ignore future warnings for a particular form (based on the 
form action), the entire domain, or everywhere.

Glen.

On 2015/04/12 00:20, Yoav Nir wrote:
>> On Apr 11, 2015, at 11:45 PM, Jim Manico <jim@manico.net> wrote:
>>
>>
>> But Glen, your idea is still awesome. I think any form post over HTTP should provide the user with a pretty dramatic warning to not hit submit or at least explain the risk similar to Chrome's current pinning warning.
>>
> As others have said, browsers did try that. It certainly makes sense to warn if I’m about to submit my credit card number, social security (or equivalent), and other personal information.
>
> But any text box is a form. You can’t search Wikipedia without submitting a form. Doing what Glen suggests means that Wikipedia has to go to HTTPS or else have the users receive a warning when they search. So you’d have to have some “don’t bother me again” checkbox on the warning dialog, and that trains users to click this all the time, because you see that dialog box pretty much on any HTTP site. This is a common issue with every kind of UI warning that is most of the time a false positive.
>
> Ultimately, unless it’s secret (like a password or a CC number), I don’t think what you send is any more or less sensitive than what you receive.
>
> Yoav

Received on Sunday, 12 April 2015 09:24:07 UTC
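
The rule proposed in the message above (warn when a form with a password field is submitted over plain HTTP, with "ignore" remembered per form action, per domain, or everywhere), sketched as an added example. It is not code from the thread or from any browser; the function names and the form and preference objects are hypothetical, and the sample forms are constructed.

```javascript
// Hypothetical form description: { pageUrl, action, fieldTypes }.
// Hypothetical preference store: { everywhere, domains, actions }.
function newPrefs() {
  return { everywhere: false, domains: new Set(), actions: new Set() };
}

// An empty or relative action resolves against the page URL, as browsers do.
function resolveAction(form) {
  return new URL(form.action || "", form.pageUrl);
}

// Key used for "ignore this form": origin plus path of the submit target.
function actionKey(target) {
  return target.origin + target.pathname;
}

function shouldWarn(form, prefs) {
  const target = resolveAction(form);
  // Only cleartext submissions matter; the page itself may be HTTPS.
  if (target.protocol !== "http:") return false;
  // The "minimum" rule: only forms that contain a password field.
  const types = form.fieldTypes.map((t) => t.toLowerCase());
  if (!types.includes("password")) return false;
  // Honour earlier "ignore" choices, widest scope first.
  if (prefs.everywhere) return false;
  if (prefs.domains.has(target.hostname)) return false;
  if (prefs.actions.has(actionKey(target))) return false;
  return true;
}

// Record the user's "ignore future warnings" choice at the chosen scope.
function ignoreFuture(form, prefs, scope) {
  const target = resolveAction(form);
  if (scope === "form") prefs.actions.add(actionKey(target));
  else if (scope === "domain") prefs.domains.add(target.hostname);
  else if (scope === "everywhere") prefs.everywhere = true;
  else throw new Error("unknown scope: " + scope);
}

// Constructed sample forms.
const login = { pageUrl: "http://site.example/login", action: "/session",
                fieldTypes: ["text", "password"] };
const signup = { pageUrl: "http://site.example/join", action: "",
                 fieldTypes: ["email", "Password"] };
const search = { pageUrl: "http://wiki.example/", action: "/search",
                 fieldTypes: ["text"] };
const mixed = { pageUrl: "https://shop.example/account",
                action: "http://shop.example/login", fieldTypes: ["password"] };
```

The search form never triggers the warning, which is the false-positive case raised in the quoted reply; the `mixed` form does, because the submit target rather than the page decides whether the data travels in cleartext.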