- From: Amir Herzberg <herzbea@macs.biu.ac.il>
- Date: Thu, 07 Dec 2006 08:53:27 +0200
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- CC: "Close, Tyler J." <tyler.close@hp.com>, W3 Work Group <public-wsc-wg@w3.org>
Stephen Farrell wrote: > Close, Tyler J. wrote: >> My perspective is that the difference between chrome and page area >> should be the difference between "browser says" and "web site says". > > Nice distinction. Too nice. Our experiments show quite clearly: users do not make the distinction between the chrome and the web page. I don't think this is (only) due to the fact that sites control the location bar (and possibly other parts of the chrome). Unfortunately, this implies that whatever we do in this group, it will only be of partial help. To really solve phishing, spoofing and other website attacks, we need to block suspect content in the first place. I think that's the long term solution (and am working towards making appropriate tools - again, a relatively long term goal). However, imho this is not in the scope of this WG. Another implication, imho, is that any attempt by us to recommend a dramatic change on the chrome, e.g. remove the location bar, has the potential to cause vendors to ignore (possibly all of) our recommendations. This adds to the (limited) security value of the location bar, which I'll address in another note (in response to Tyler). Best, Amir Herzberg
Received on Thursday, 7 December 2006 06:54:14 UTC