Re: [whatwg] JavaScript dialogs blocking user experience

Darin Adler <darin@apple.com> writes:

>> On Apr 14, 2016, at 2:17 PM, Arvind Nigam <arvind.nigam@gmail.com> wrote:
>> 
>> My iPad is on iOS 9.3.1, but I was using the UC browser at the time.
>
> It’s too bad you were using the UC browser. If you had been using
> Safari you would not have been trapped by the scam. If you continue to
> prefer the UC browser over Safari then you should consider how to let
> the developers know you would like to see this improved.
>
>> I'm guessing that this is still a problem for a lot of users out there
>
> No question about it. The kind of mitigation we are discussing is
> valuable to reduce the effectiveness of JavaScript dialogs as part of
> this, but I’m sure the folks perpetrating fraud will find new
> effective ways to do so. For example, nothing in browser technology
> can prevent a webpage from displaying a misleading message that tries
> to trick you into thinking your device is broken or was taken over.

Clearly distinguishing between browser chrome and the current document
interface-wise can be helpful here. While it is incredibly easy to fool
people in general, browsers that automagically hide the address bar also
hide information about the state of the browser program. The browser
still has a state, but it forces the user to remember or deduce it.

Phishing works by confusing the user about the state a program has. Many
accessability or security woes can be reduced to hidden state. Tracking
using cookies works so well because browsers usually hide cookie state.

I think a good thing would be to keep browser applications' interfaces
stable and not change things for the sake of change with every upgrade.

>
> Apple support has a webpage with some advice on this topic that is
> updated from time to tome <https://support.apple.com/en-us/HT203987>.
>
> — Darin

-- 
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>

Received on Friday, 15 April 2016 16:36:42 UTC