On 2012-04-27 14:03:32 +0000, beltzner said:
> * actually no, the UX team hadn't spoken with Johnath or anyone about
> what had led to the creation of Larry, but they will definitely do so
> now that it's been brought to their attention
That isn't entirely true :) While we did not specifically talk to
Johnath before we designed this, everyone was cognizant of the ideas and
rationale behind that design. I have also spoken to him since this
landed.
This design (including the padlock) has been kicked around in various
iterations since before Fx4. You may be familiar with the numerous
different designs for evolving the identity block :)
Eventually we decided that the designs behind using an inline identity
block were too fragile.
> * the padlock icon was chosen primarily to differentiate between
> "non-http" and "http", and secondarily to provide a consistent metaphor
> between all browsers for that concept
That is mostly right, but I can expand on the rationale behind the
entirety of the changes.
Goals for this design are:
- Reduce redundancy in main UI by only having one favicon (in the tab)
- Increase security by removing the ability for websites to spoof the favicon
- (Re) Introduce a consistent encryption indicator
- Streamline the URL bar and its contents for Australis
- Have a consistent location for accessing the identity panel
- Retain the drag target for bookmarks
While working towards these goals we identified some other problems in
the current UI we wanted to address:
- Not to knock Larry, because I love that guy, but he isn't a very
recognizable metaphor for identity unless you find yourself going
through customs frequently.
- Larry also does not scale down to 16x16 very well
- The color "blue" doesn't have any special meaning attached to it.
Just "blue".
- We have no recognizable icon that indicates your data is encrypted.
Taking all that into account we have the new design:
http://cl.ly/401E0Z3A0e1F3T2u1J3C
(From top to bottom)
- Default state
- SSL state
- EV state
- Mixed/broken encryption state
- Malware/phishing state
The generic globe indicates a regular site and serves as a consistent
drag target and access point for the identity panel. For SSL we
re-added the lock icon and show "https". EV has pretty much the same UI
with the addition of the lock and the removal of the button affordance.
Green as a color does have meaning as in "Go" or "Healthy" and it has
been actively associated with Extended Validation certs by browser
vendors and CAs. For the mixed state the plan is to have a warning icon
to indicate something is wrong and drop the "https" because you aren't
truly encrypted at this point.
Now, as to why we decided to use the padlock icon :) It is the
universally accepted icon for encrypted connections. We could come up
with a new metaphor, although this is a) difficult and b) a new
metaphor is just as likely to get conflated meanings in the same way
the lock might have. We are still exposing identity in the panel and
more importantly for the actually meaningful EV case.
We still have some improvements to make to the new design to make the
green more noticeable and the SSL lock a little more noticeable. Also
the updated mixed state icon.
Next steps for improving security UI include:
- A more easily readable identity panel
- Exposing more information about your relationship with the site e.g.
how many times have you been there
- Notifying you if you are submitting sensitive data over unencrypted
connections
- Notifying you if you are submitting data to a site for the first time
And more, we would love more ideas here.
Thanks!