Design in the Wild: Firefox’s Phishing Warning
I’m not sure when this feature was introduced, but Firefox now warns users of possible fraudulent websites with a new notification design: a security icon (red circle with a horizontal line through it), fading of the loaded website, and a popup with notification text and user preferences. Although more intrusive, I think this notification method is better than the in-frame notification for popup windows (which is common enough occurance to induce banner blindness), especially because the attention is needed for a serious matter. I just hope advertisements don’t use this interaction method to get around banner blindness.
Very neat. When will Konqueror do this?
George Staikos comitted code to implement the “behind-the-scenes” aspect of phising protection some time ago. I don’t think it has a UI yet.
His commit log suggested that the feature “should default to off” (paraphrased). I wrote a comment on the dot at the time disagreeing on the basis that the people who are least likely to spot a fraudulent website are also the people least able to find out about and enable such protection. I didn’t see any objections from respondants, so I think it will be possible to ship with this enabled when ready.
Why should advertisements have access to this mechanism to begin with? If Konqueror is doing a specific balloon type for fraudulent sites then it should not be triggerable by an agent that Konqueror doesn’t trust.
I am no software engineer, but isn’t the display of the markup/css separate from the display of the browser? So, popping up a balloon a anti-fraud balloon should be part of the browser itself and not part of the markup-display mechanism.
I agree, this is much better than IE’s near-invisible notification toolbar, which refreshes in a manner that breaks half the web-apps i use as i add them to trusted sites.
I also consider it superior to Google’s extremely annoying “This page might be suspect, I’m going to make you copy and paste the URL if you really want to go to it” notification as well.
Once again, Firefox wins.
I wonder how long it’s going to be before phishing webpages start reproducing this, and linking their site to the Red X and Get Out Of Here links…
@Samir
Not the actual implementation, but the design: frame background fade + in your face popup. Works great when something serious is going on. Really annoying if all they want to sell you are pills. There are already some of these floating around already; I think the NYT uses it for its member signup recruitment.
If a design which successfully commands attention gets misused by nonimportant items which deserve no attention, users will begin to have a negative reaction to it and it will lose its effectiveness. The last thing you want is a user to click away a phishing popup because they’re sick of ‘useless’ popups.
Celeste,
Thanks for the clarification.
The design for an anti-phishing component in Konqueror could be configurable. The default could be the greyed out background, but more users with more needs could use a reddish haze, or a purplish one, a ‘purple rain’ if you will.
One way in which this method is less likely to cause banner blindness is that it causes your whole flow to be slowed down. Even if this becomes abused just making it slightly different and/or user-configurable could do wonders.
I am, of course, speculating.