For the past few weeks, we've been playing with various ideas relating
to the Location Bar here in mozilla.dev.apps.firefox. Dao Gottwald
has been doing a great job keeping up with the suggestions, and
implementing them in the excellent LocationBar2 extension.
Having done the prototyping, and a UI review with Jonathan Nightingale
and Mike Beltzer, we now propose that we do the following two
independent things, as a start:
1) Remove the favicon from the URL bar. We want to make the URL bar
totally trusted, and that means not allowing sites to control parts of
it to spoof locks or things like that. We can either remove it entirely
or replace it with a generic page icon/folder icon/whatever under our
I note that mockups posted recently for the Places UI use this icon for
a menu, and so we may need to negotiate as to what happens.
2) Change the URL bar so that everything except "Public Suffix + 2" is
greyed out. If the URL bar is focussed or hovered over, the colour
switches back to black throughout. This should be possible using CSS
only. The "greyed-out" colour is a pref; people who don't like this
feature can set it to "black".
Public Suffix (also called Effective TLD) is the part of the URL not
owned by a registrant. E.g. ".com", ".co.uk", "hokkaido.co.jp". 2 is the
default for a pref; we think this is the right number, but want real
world experience. So Public Suffix + 2 is e.g. http://WWW.MOZILLA.ORG,
This will look basically as mocked up by Ka-Ping Yee here:
We may also do other things from the LocationBar2 UI experiments.
However, these two things are where we want to start, and then we can
look at further changes.
I'd like to finish by pointing out that it seems to me that the process
we've just gone through is a textbook example of how open source
development and UI prototyping _should_ work in our world. We had loads
of cool ideas, implemented them in an extension, kicked them around a
lot in discussion, realised some were too radical, and have now come out
with a considered proposal. This rocks. Thank you to everyone who took part.
Sounds good for a start for those who already look at the location bar
and understand domains.
Are there plans on how to get average users to look at the location bar
in the first place and show them something they can easily process?
I did a little user study of random people in the University's Student
Union to visit websites while using 1 of 3 versions of Firefox: standard
browser, LocationBar 2, in-your-face domain display.
The participants were provided a scenario of a scavenger hunt to visit
various linked websites to find a piece of information; about half of
the sites used a spoofed domain. None of the people in the study noticed
the small changes (facebook.com -> facelook.com), the odd changes
(www.google.com -> 18.104.22.168.22.214.171.124.9), or the big changes
(en.wikipedia.org -> en.wikiwikiland.net).
Even though some of them frequently visit those website (some daily, so
they should recognize the domain), they did not comment on anything
strange. Even when a third of participants usually manually enter
websites in the location bar when opening a browser (meaning they know
of domains), they did not notice the domain name changes. Half of them
avoid domains when opening the browser to go to websites by using
favorites/bookmarks or Google.
However, users do have some level of trust for various websites. For
each each answer, participants ranked a level of trust from 1 (low) to 5
(high). Interestingly, MySpace was consistently lower than others like
Google and YouTube.
By losing the favicon from the URL bar, we also lose the ability to
drag/drop the favicon to bookmark, etc. I'm not certain how many
Firefox users actually bookmark in this fashion, but I imagine a good
number of people could be bookmarking sites in this manner.
I'm aware that one can just as easily drag and drop the tab, but is
the average user aware of this? Downsides to this are that the
default behaviour of Firefox is to hide the tab bar when only one tab
is present, and that the favicons on the tab bar don't look drag/
droppable (much like the Fx icon in the window titlebar).
Has the ability to drag/drop the favicon been given due consideration
or affected the decision in any way?
I think we want to keep site-controlled content corralled as much as
possible into the content area and tabs.
Also, I think the above is a solution in search of a problem. If we
remove the favicon from the URL bar, is it now invisible? No, it's on
the tabs. Why does it need greater visibility?
It's an open question as to whether it vanishes, or whether you get a
generic page icon in its place. This is an argument for the latter,
Does this include text in the window's title bar, status bar (I guess
this is off by default anyways), etc.?
And then there's this recent proposal of site-controlled sidebars and
toolbars, which goes directly against this statement...
> Also, I think the above is a solution in search of a problem. If we
> remove the favicon from the URL bar, is it now invisible? No, it's on
> the tabs. Why does it need greater visibility?
Because there are people who might hide those [cursing language
stripped] tabs and not use them ;-)
But then, they can use a browser that still has this feature, like, say,
IE^H^HSeaMonkey, just to name one.
We switched off the ability for the site to change the status bar text
for this reason as well.
> And then there's this recent proposal of site-controlled sidebars and
> toolbars, which goes directly against this statement...
Not necessarily. These would appear in the content area. It would be
important to style these so they appeared like content rather than chrome.
> But then, they can use a browser that still has this feature, like, say,
> IE^H^HSeaMonkey, just to name one.
Removing the favicon would mean that you should simply remove any icon
in the location bar altogether. What's the point of wasting space to
show a white page 100% of the time? However, I hope that you do not
remove it because the padlock icon doesn't appear to the left of the
URL and always appears to the right. Besides which, the location bar
also changes colour, which is what I pay more attention to, so if
there are some dummies that are being fooled by a padlock favicon,
then should Firefox users with brains have their browser stripped bare
in an attempt to protect idiots from themselves? I surely hope not...
Why lose a feature? This will not add anything to the actual security.
Just a "feel good" measure and cramping the creativity. Absolutely
wrong. Majority of sites use favicon for creative content, not for
We can either remove it entirely
> or replace it with a generic page icon/folder icon/whatever under our
Why should it be generic and/or under your control? Give us more
freedom in the URL bar. Allow site to use different font, style,...
That is progressive. Control it against the "lies", not against the
> 2) Change the URL bar so that everything except "Public Suffix + 2" is
> greyed out. If the URL bar is focussed or hovered over, the colour
> switches back to black throughout. This should be possible using CSS
> only. The "greyed-out" colour is a pref; people who don't like this
> feature can set it to "black".
More "overcontroling"... URL is there to give complete description of
location. User have a great interest to know what it is. Do not
between the user and the content! Do make security features that
but do not obstruct the user in any way or highlight parts of your
> This will look basically as mocked up by Ka-Ping Yee here:http://zesty.ca/mozilla/locbar.html
Please provide the real security and do not cramp the creativity of
designers. Stay away
from filtering the content in any way. That would summarize my
Hope this helps,
Removing the favicon from the location bar seems wrong, but I can't
put my finger on why. Perhaps because I can't think of another
logical place for it. It also serves as a bookmark drag target, so it
shouldn't move far from where it has been since it was created. On
second thought, if the URI is going to have visual clues about itself,
moving the favicon is probably unnecessary.
In my opinion, the main reason why phishing works is because the
average user doesn't know how a URI is constructed. Give them some
hints. Highlighting the domain + TLD is a good start, however I
suggest this feature launch in its complete form: differentiate all 6
(7) segments of the URI by color:
- hostname (ie, www)
- domain + TLD
- GET string (names and values could be colored differently)
In the mockup, the rest of the URI has been grayed out too much.
Perhaps make domain + TLD bold, and colorize the other segments?
Not that the average user ever looks at URI's in the bottom toolbar
when hovering over links, but I also suggest applying the same
highlighting scheme there as well.
1. I see more cons to the loss of the favicon in the adressbar than
2. using a grey font color in the address bar is a HUGE accessibility
and readability issue... I burnt my right eye a long ago and lost a
bit of sensibility to reds and yellows. The screenshot shown in Alex
Faaborg's blog is already VERY hard to read for me. Do **NOT**
implement this feature w/o spending hours thinking on the
accessibility problems it implies. Thanks.
This could be true. Perhaps you could list the pros and cons?
> 2. using a grey font color in the address bar is a HUGE accessibility
> and readability issue...
I agree that there are issues. I also found it pretty hard to look at.
Another issue is that the path component of URIs can sometimes be very
and the grey coloring of the location bar makes that harder to read.
Make that: *vast* majority...
I second that!
A suggestion, how about extending the URI with some intellisence,
taking data from Google Sitemaps if a page has made such available.
The favicon is already duplicated on the current tab; but I'd like it to
remain on the URL bar too: after all, the window title is duplicated on the
tab, does that mean we should remove one or the other?
> second thought, if the URI is going to have visual clues about itself,
> moving the favicon is probably unnecessary.
I don't see why. The URI could have some parts bolded or grayed and still be
preceded by a site icon.
> In my opinion, the main reason why phishing works is because the
> average user doesn't know how a URI is constructed. Give them some
> hints. Highlighting the domain + TLD is a good start, however I
> suggest this feature launch in its complete form: differentiate all 6
> (7) segments of the URI by color:
> - protocol
> - hostname (ie, www)
> - domain + TLD
> - path
> - filename
> - GET string (names and values could be colored differently)
> - anchor
> In the mockup, the rest of the URI has been grayed out too much.
> Perhaps make domain + TLD bold, and colorize the other segments?
> Not that the average user ever looks at URI's in the bottom toolbar
> when hovering over links, but I also suggest applying the same
> highlighting scheme there as well.
I'd prefer the URL in the status bar to remain the "raw" HREF. It may be
about: come to mind; from a local page it could also be file: ).
"You've got to think about tomorrow!"
"TOMORROW! I haven't even prepared for *_yesterday_* yet!"
And the majority of sites aren't malicious. That doesn't in itself mean
we should do nothing about those that are.
> Why should it be generic and/or under your control? Give us more
> freedom in the URL bar. Allow site to use different font, style,...
> That is progressive. Control it against the "lies", not against the
That's a terrible idea. It would make misleading users far easier if
sites could control the font used in the URL bar. We have enough trouble
finding one font that makes a good distinction between 1, i, l and I
without having to find a whole bunch.
> More "overcontroling"... URL is there to give complete description of
> the page
> location. User have a great interest to know what it is.
A user really cares that their JSESSIONID is 35FAGKE453F?
And how would the user know which ones are the important ones?
Surely the solution to "users don't know how a URL is constructed" is
not "teach them" but "make it so they don't have to know".
If your user model and your program model don't fit together, change the
program model. It's much easier than changing the user model.
It's not supposed to be as obvious. That's the _point_. If you want to
read the other parts of the URL, press Ctrl-L. The highlight difference
goes away whenever the URL bar is focussed or hovered.
The key things I like about it are:
* Convert URL to a breadcrumb trail
* Options for customising the design of the URL - eg. whether to hide
Maybe it's not supposed to be obvious, but is it supposed to be readable?
If it supposed to show just the domain and give an indication that there
is some other stuff there, then is there a way of doing that without
making people try to read something that's hard to read?
If people's brains have to make a quick choice between straining their
eyes for a couple of seconds and moving their hands about, they will
probably go with the eye straining every time and give themselves a
On the other hand, I guess it won't be too hard to remove the greying-out
effect with an addon (or maybe even a couple of lines in the chrome CSS
file), for those people that understand URLs and want to read them all the
I personally agree with many others when I say that the graying out is
a bit much. It's a good idea, but the way it's been implemented is
entirely wrong. Why are you fading out the rest of the url? Couldn't
you highlight the important part instead? Instead of making it stand
out by fading the rest of the address, why not just highlight it.
Also I'm a huge fan of favicons, and since on mac the bookmark bar
doesn't show them, I'd really rather not lose them in the url.
I think phishing will continue to be a problem, but this appears to
be a knee jerk reaction.
The proposal is to remove the favicon from the location bar, not from
"Don't Panic" - Douglas Adams
People, the proposal removes favicons from the location bar, but not
from the browser tabs. There you will see them in full glory.
Well, if something needs to be emphasised, that means that other things
have to be deemphasised. We tried things like bold, but characters (e.g.
i and l) are less different in bold fonts.
> On the other hand, I guess it won't be too hard to remove the greying-out
> effect with an addon (or maybe even a couple of lines in the chrome CSS
> file), for those people that understand URLs and want to read them all the
Indeed. There will probably be a pref.
In what way? We have, thusfar, not been able to come up with a method of
highlighting which is both readable and accessible. (I suggest you read
about what we've tried before proposing one.)
> Also I'm a huge fan of favicons, and since on mac the bookmark bar
> doesn't show them, I'd really rather not lose them in the url.
They will still appear on the tabs.
> I think phishing will continue to be a problem, but this appears to
> be a knee jerk reaction.
What makes you say that? Have you analysed our reasons for making this
We've tried this - it just doesn't work from a usability perspective,
and it doesn't work from a website structure perspective. It's basically
the equivalent of adding a load of buttons to the interface which half
the time, when pressed, take you to a 404 Not Found page.
> * Options for customising the design of the URL - eg. whether to hide
> protocol, etc
Are you really suggesting that this be something Firefox has UI for by
Have you actually bothered to familiarise yourself with what we are
actually proposing? We are not proposing the "removal of favicons".
(Anyway, even if we were, people coped fine without them up until a
couple of years ago.)
To me, this sounds of resolving drivers not understanding street signs
and traffic rules by abolishing cars instead of requiring people to get
a drivers license.
I think the real solution is "ease users to learn themselves what is
important" and not "remove everything from the UI that somehow could get
complicated". That's what I always have disliked about MS's misguided
"usability improvements" in Windows with hiding everything that was
actually useful and replacing it with useless eye candy.
We shouldn't go down that path generally. But then, Firefox sometimes
tries to just imitate MS's UI style too much for me anyways, so maybe my
view of this is just one of the reasons why I'm not a Firefox user
1.) the favicon helps in recognizing where I'm in fact. A nice little
image is often easier to remember than a quirky domain name. I propose
to make the favicon optional. Make the default setting whatever you
want, but don't remove it entirely, for goodness sake!
2.) As of me, I differentiate two kinds of browsing: cross-domain, and
intra-domain browsing. It's very common to browse dozens of pages on a
single domain. In most cases, it's the end of the domain which
actually tells you where you are: look at blogs, semantic urls, etc.
Firefox has a bunch of nice features. If there aren't much to do,
there aren't. Focus on security, memory management (which imo got
certainly better with 2.x), and ease of use. Do not reinvent the
wheel. Don't behave like Microsoft: respect what's commonly accepted
(here I mean the usage of favicons, for example).
I'm opposed to this idea for a few reasons:
* as mentioned, some people use the favicon in the URL bar for
bookmarking things (I've done that often) and for determining which
site the user is on. Designers use it for branding.
The argument that this icon will still show up on the tabs is moot
when only one page is being viewed -- there are no tabs then.
* it addresses an edge case (spoofed lock icons)
* alternative methods could be used to point out the domain (if domain
spoofing is the main concern here). If highlighting and bold don't
pass user experience tests, maybe flashing a background color (behind
a span for the public suffix +2) when the domain changes. It seems
that we're really only concerned with the times when a domain is
changing, not persistently.
* there is no easy way to tell the user that if they click on the URL
they'll be able to see the whole string, and the grayed-out text is
really difficult to read without focusing the URL bar.
* those users who ignore the URL now may notice the dimming the first
few times, but since it isn't in their main field of view, they will
probably ignore it after a few site visits, and they won't benefit
from having the color contrast there. (if they're not looking at the
domain now, how will dimming the text ensure that they'll look in the
future, if none of the text elements are becoming more visible?)
Removing or replacing the favicon doesn't directly solve the issue of
spoofing, nor does it offer any real benefits. It seems to have more
disadvantages than benefits, even if users do start noticing that
they're being spoofed (and informed users know where the proper place
for a SSL icon is, and the change in URL background color).
Furthermore, it seems that the malware detection feature could act as
a suitable method for informing the user that they are on a
questionable site. It would be more apparent to the end user and
doesn't remove any functionality in doing so.
Alternatively, there is my earlier suggestion that a brief
highlighting or spotlight effect on the TLD + domain would bring
enough attention when the site has changed (especially if the user
doesn't expect a change in the site name), which also doesn't require
eliminating the existing favicon functionality.
To quote a statement beltzner made earlier today: "if the problem is
a 16x16 pixel favicon can look like our 16x16 pixel security
indicator, why don't we change the security indicator?" I completely
agree, and I think Johnathan is working on some new security UI mockups.
Grey URL bar text:
I am in favor of the changing the formating of the URL bar, since I
believe the domain name is simply more important than the rest of the
information, and for the vast majority of users, the domain name is
the only understandable piece of the URL.
However, I don't think this will have any effect of protecting users
from phishing attacks. Consider this study done at MIT:
> (60%) used rationalizations to justify the
> indicators of the attacks that they experienced. Nine
> subjects explained away odd URLs with comments like:
> www.ssl-yahoo.com is a subdirectory of Yahoo!, like
> sign.travelocity.com.zaga-zaga.us must be an
> outsourcing site for travelocity.com.
> Sometimes the company [Target] has to register a
> different name [www.mytargets.com] from its brand.
> What if target.com has already been taken by another
> Sometimes I go to a website and the site directs me to
> another address which is different from the one that I
> have typed.
> I have been to other sites that used IP addresses [instead
> of domain names].
So, even if we go nuts and color code every part of the URL, AND
magically everyone understands the color coding, people are still
going to rationalize.
But I still think we should grey out the rest of the URL, not because
it will help with phising, but because the visual design matches the
relative importance of each piece of information.
> dev-apps-firefox mailing list
I don't think that analogy holds. A better analogy would be resolving
drivers not understanding traffic rules by engineering the cars to know
how not to crash into each other, so they don't have to learn.
Is understanding a URL vital to being able to browse the web today? No,
but you can be at risk in some circumstances. So either we can teach
people to understand URLs (a very difficult task) or we can work to
eliminate the risk.
Are you actually reading? We aren't removing it entirely.