- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Tue, 16 Oct 2007 11:50:22 -0400
- To: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>

Hey folks,

At the face to face, I took an action to respond to the usability evaluation first cut proposals around Identity Signal. The shockingly unreadable direct link is here:

http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut#head-df6c58f37e7d146819d7962f8ccb91ed947d4dc1

I think the first cut work is an excellent analysis. I think that, in particular, unknowns #1 & #2 would be interesting questions to which to have answers, in terms of considering the merits of the proposal.

The "Testing" section notes that the goal of the identity signal is not to prevent spoofing attacks, and I wanted to reinforce this point. It would be difficult to justify recommending this proposal as, e.g., an anti-phishing measure. There are ample studies in our bookmarks that illustrate that even when the chrome is much more good/bad declarative than what IdentitySignal envisions, the results are mediocre at best. It therefore wouldn't make much sense to test this in an anti-phishing context.

I wrote this recommendation because we're Web Security Context, not Web Security Countermeasures - it feels to me that we ought to be recommending things that enrich the context web users have available for making trust decisions online, even if they are not responses to specific threats. The current context is pretty sparse for non-technical users, and this is an attempt to enrich it by standardizing and encouraging a practice that multiple browser authors are now coming around to: communicating verified identity information to users.

I appreciate that "help users understand the identity of sites they interact with" is a harder testing problem than "prevent phishing attacks" and I don't actually have a good methodology suggestion. An ethnographic/in-the-wild study of Firefox 3 users a year after release, when they've had time to develop/modify their browsing habits would be nice, but is hardly a reasonable suggestion in the context of this group.

As I say, other than clarifying that point which was already made in some form, I think the analysis is spot-on.

Cheers,

J

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

Received on Tuesday, 16 October 2007 15:51:01 UTC