- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Fri, 10 Aug 2007 16:08:44 -0400
- To: <michael.mccormick@wellsfargo.com> <michael.mccormick@wellsfargo.com>
- Cc: <tlr@w3.org>, <public-wsc-wg@w3.org>
On 10-Aug-07, at 3:42 PM, <michael.mccormick@wellsfargo.com> <michael.mccormick@wellsfargo.com> wrote: > Just because a practice is widespread or site marketers like it > doesn't > mean it's a good idea. Please don't make strawman arguments. I never claimed that favicons were a good idea for either of those easily-questionable rationales. Favicons are extremely helpful for reducing the cognitive overheard of recognition when glancing at a screen. The human ability to recognize colour and shape within a visual field is superior to its ability to recognize and parse text. Favicons help measurably with a user's ability to ambiently recognize where on the web they are when they glance at the location bar, as well as their ability to find a specific entry in the location bar drop down, tab strip, or bookmark view. > The idea of making favicons a different size from agent-controlled > indicators is extremely problematic on many levels, and anyway would > users really pick up on icon size as a security indicator? Not an > idea > WSC should promote or even take seriously. Why is it extremely problematic on many levels? It requires us dictating that browser vendors not use 16x16 px icons as a way of representing security indicators. I'm not saying "make a bigger lock", I'm saying "use something that isn't a square". For example, if a security indicator was something like: [ Encrypted ] or [ Security Info ], it couldn't be spoofed by a favicon. Why would we not take that seriously? cheers, mike > > -----Original Message----- > From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg- > request@w3.org] > On Behalf Of Mike Beltzner > Sent: Wednesday, August 08, 2007 11:33 AM > To: Thomas Roessler > Cc: WSC WG > Subject: Re: favicons: updated editor's draft [ACTION-276] > > > On 8-Aug-07, at 10:15 AM, Thomas Roessler wrote: > >> Per ACTION-276 from last week's call, I've tried a rewrite of some of >> the favicons material in the light of the discussion at our last >> call; > >> see: >> >> http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#site-identifying >> @@Web Security Context@@ >> Editor's Draft $Date: 2007/08/08 14:11:27 $ > > [...] > >> Comments are, as always, welcome. > > Sorry to not have been on the call last week. I can tell you that the > NECCESSARY techniques that MUST be implemented by a conforming web > user > agent (as per 7.1.3) are unrealistic in terms of meshing with user > experience, and are, I think, throwing the baby out with the > bathwater. > Specifically the requirement to not show a favicon in the Location > Bar. > > The favicon has become the visual avatar of a website, allowing for > brand association, and easing several tasks including scanning through > bookmarks, history and tabs to ease the task of locating (or > recalling) a specific entry. > > This entire section seems to exist because security indicators > presently > look like favicons, and since the website can simply copy that > image and > make the favicon look like a security indicator, easy spoofing and > confusion is possible. > > Was any consideration given to requiring that security indicators be > made such that they are not the same size and format as favicons? > So, in > other words, not 16x16 graphics? > > cheers, > mike > >
Received on Friday, 10 August 2007 20:09:01 UTC