Re: 2 questions

On 12/04/2015 9:23 p.m., Glen wrote:
> That's a good point. However, at the end of the day, what one person
> thinks is confidential may not be the same to somebody else.
> 
> Silly examples:
> 
> - I'm searching about some embarrassing illness, and I don't realize
> that someone may be tracking this information.
> - I'm submitting my CV from my current work place, who monitor traffic,
> and I don't want them to find out.
> 
> Without a warning you may not think about this.
> 
> Yes, passwords, CC numbers, ID numbers, etc. are more private, but where
> do you draw the line? What about my physical address?
> 
> At a *minimum*, this type of warning should be displayed when submitting
> a form that contains a password field. Unfortunately, there are no
> built-in input fields for other types of private data, and checking for
> common labels might not be that easy or effective.
> 
> Yes, many people will hit "ignore" without even reading the prompt, but
> you can never control that, and if their information is compromised,
> it's their fault entirely.

Yes you/we can control that. Easily understood message(s) occurring
rarely get read and decided on. Frequently occurring obscure message gets
a rote-learned "go away" response.

There are now 2 generations of users out there with decades of training
to click-away the TLS warning messages (and any other message that looks
similar) and malware authors are already taking advantage of that on a
large scale.

Amos

Received on Monday, 13 April 2015 01:35:19 UTC