- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Mon, 11 Sep 2006 12:10:39 -0700
- To: "James A. Donald" <jamesd@echeque.com>
- Cc: <public-usable-authentication@w3.org>
> From: James A. Donald [mailto:jamesd@echeque.com] > Sent: Saturday, September 09, 2006 12:01 AM > Hallam-Baker, Phillip wrote: > > Looking at the security shortcomings of the Internet > > some common themes emerge: > > > > 1) The user is never told what parts of the display > are > trustworthy and what parts are not. > > This is not the problem. Most users correctly believe that > what is inside the inner frame of the browser is controlled > by someone else, and that someone is probably trying to sell > the Brooklyn bridge, or asking us to invest in swamp land, > and correctly believe that what is between the inner and > outer frames is reasonably trustworthy. The users correctly work out that certain areas are not trustworthy. But they never get told what they can trust. And because they were never told that they can trust the chrome lots of people have assumed that its OK to let content providers walk all over it. So we have abhorences like frameless popup windows. Its not so much how we do it that's important as the deciding to make the commitment. > My browser has the Netcraft toolbar, which correctly detects > scam websites and legitimate websites almost all the time. > Yet the fact is I seldom check it, even when banking or share > trading. I focus on the task at hand, at the inner window, > and ignore the outside window. I have right above the window > an extremely accurate scam detector, and seldom look at it. Agreed. But would you check it if you received a message claiming that your paypal payment for the wire wheels you sold last night had been blocked? This happened to the guy who I paid $560 to last week. Fortunately he is sending me the wheels. But a key problem in the communication here was the fact that I just don't have any way of telling him 'this is what a completely trustworthy message looks like'. I also agree that if we really want to get a handle here on the specific problem of credential theft then we need to have a trustworthy path for entering the credentials. Probably something like CardSpace. But phishing is only one of the frauds that impersonation makes possible and we have to make sure we solve both problems. > > 2) The user is expected to verify their mental model > 'I > am dealing with Ebay' in the context of deep > knowledge of > Internet protocols, by relying on the URL > encoded in the > domain name. > > Even though I almost never check the Netcraft toolbar, I do > in fact check the url, because the url actually contains > useful information in the normal case, in the case that I > really am dealing with a legitimate entity. > The moral is that the information that would enable the user > to check for scams has to be part of his normal workflow, > something he does need to attend to in order to get things > done in the ordinary course of events. OK there are two problems, the information has to be integrated into the user's mental model and also into the user's workflow so they actually notice it.
Received on Monday, 11 September 2006 19:10:51 UTC