
insecure form submission dialog


Jesse Ruderman

Jun 27, 2002, 11:28:34 PM
to Mitchell Stoltz, jke...@netscape.com
We should consider getting rid of the "insecure form submission"
dialog. Is the dialog useful for getting users to check for the "lock"
icon before typing sensitive data, or do they ignore/disable the dialog
after the first time they do a web search and then forget about the warning?

(Text of dialog: "The information you have entered is to be sent over an
unencrypted connection and could easily be read by a third party. \n\n
Are you sure you want to continue sending this information?")

In general, I don't like security dialogs that appear often. Some users
leave this dialog enabled, so they're likely to get ready to click
"Continue" after clicking the submit button on a web form, and not read
the dialog. A web site could put up an XPInstall or Signed Script
dialog when the user expects an insecure form submission dialog, and
that would be bad.

Could we replace this dialog with a one-time dialog like the password
manager intro dialog, or change the checkbox to be unchecked the first
time the user sees the dialog?

dwx

Jun 28, 2002, 12:17:35 AM
Jesse Ruderman wrote:
> We should consider getting rid of the "insecure form submission"
> dialog. Is the dialog useful for getting users to check for the "lock"
> icon before typing sensitive data, or do they ignore/disable the dialog
> after the first time they do a web search and then forget about the
> warning?
don't think it's gonna happen

> (Text of dialog: "The information you have entered is to be sent over an
> unencrypted connection and could easily be read by a third party. \n\n
> Are you sure you want to continue sending this information?")
>
> In general, I don't like security dialogs that appear often. Some users
> leave this dialog enabled, so they're likely to get ready to click
> "Continue" after clicking the submit button on a web form, and not read
> the dialog. A web site could put up an XPInstall or Signed Script
> dialog when the user expects an insecure form submission dialog, and
> that would be bad.

I agree with you. Please file a bug about it to bugzilla.mozilla.org

We do need some means to strongly differentiate different types of alert
dialogs, perhaps by icons. In some cases, we could also provide a
secondary dialog or window so that the user can revoke his/her decision.
For example, for installing components, we can add an "oops,
un-install"/"oops, quit download" button on the download status window.

> Could we replace this dialog with a one-time dialog like the password
> manager intro dialog, or change the checkbox to be unchecked the first
> time the user sees the dialog?

There's already a checkbox for "don't bother me next time" or something
like that for most alert dialogs.

Ben Bucksch

Jun 28, 2002, 1:11:35 AM
to mozilla-...@mozilla.org, mozil...@mozilla.org, mozilla...@mozilla.org
Jesse Ruderman wrote:

> Could we replace this dialog with a one-time dialog like the password
> manager intro dialog, or change the checkbox to be unchecked the first
> time the user sees the dialog?

me too.

I agree with you, and the dialog is disabled by default in Beonex
Communicator for the same reasons.


Matthew Thomas

Jul 1, 2002, 12:00:34 PM
dwx wrote:
>
> Jesse Ruderman wrote:
> >
> > We should consider getting rid of the "insecure form submission"
> > dialog.

Are there any legal issues if we do?

> > Is the dialog useful for getting users to check for the
> > "lock" icon before typing sensitive data,

The alert doesn't mention the lock icon at all. If Mozilla was a native
app, the alert could visibly zoom into the lock icon when it was closed.

>...


> > (Text of dialog: "The information you have entered is to be sent
> > over an unencrypted connection and could easily be read by a third
> > party. \n\n Are you sure you want to continue sending this
> > information?")

Last year I suggested: `On an insecure site such as this one, any
information you send could be read by a third party. You should avoid
sending private information such as credit card numbers or important
passwords.\nDo you want to continue sending this information?'

This was longer, but intended to be a first-time-only alert as opposed
to the current every-time alert.

Then a professional tech writer got involved, which is why (for
example) the checkbox text in many of those alerts ends in a `.' when it
should not.

>...


> we do need some means to strongly differentiate different types of
> alert dialogs, perhaps by icons.

Currently we can't, because the nsIPrompt API is broken
<http://bugzilla.mozilla.org/show_bug.cgi?id=95649>.

That's why, for example, the PSM alert to tell you that your connection
is safer than usual (i.e., that it's encrypted) has a `danger! danger!' icon.

>...


> > Could we replace this dialog with a one-time dialog like the
> > password manager intro dialog, or change the checkbox to be
> > unchecked the first time the user sees the dialog?

But then who would ever check it?

> There's already a checkbox for "don't bother me next time" or
> something like that for most alert dialogs.

It would appear that dwx did not read the comment to which he/she was replying.

--
Matthew `mpt' Thomas, Mozilla UI Design component default assignee thing
<http://mpt.phrasewise.com/>

Raymond Toy

Jul 8, 2002, 8:05:40 PM
Jesse Ruderman wrote:

> We should consider getting rid of the "insecure form submission"
> dialog. Is the dialog useful for getting users to check for the
> "lock" icon before typing sensitive data, or do they ignore/disable
> the dialog after the first time they do a web search and then forget
> about the warning?

As a user, I rather like it, but usually ignore it, except when it pops
up in unexpected places.

What I would really like is a way to say that, for this page, don't
bother me because I know what I'm doing or because I know I'm not
sending anything sensitive. I think this is something like IE's
internet zones? (Don't know because I try not to use IE.)

>
> (Text of dialog: "The information you have entered is to be sent over
> an unencrypted connection and could easily be read by a third party.
> \n\n Are you sure you want to continue sending this information?")
>
> In general, I don't like security dialogs that appear often. Some
> users leave this dialog enabled, so they're likely to get ready to
> click "Continue" after clicking the submit button on a web form, and
> not read the dialog. A web site could put up an XPInstall or Signed
> Script dialog when the user expects an insecure form submission
> dialog, and that would be bad.


In that case, can't a different dialog be used and have the default be
no instead of yes? Or move the continue button to a different location?

Ray
