Make Pale Moon autocomplete adhere to W3C standards

[opera1215b1748]

...
And I repeat, a shared environment computer requires it to be properly set up.
...

+1

[Trippynet]

I would also like to point out that I actually use a 3rd part password manager (RoboForm) because it allows me to save usernames and passwords, sync them between machines, and also allows me to protect them all with a master password (so not a problem if a laptop is lost/stolen or something).

The advantage to this is it encourages me to use strong and varying passwords across the sites I use. If websites were to have the power to block this, then I struggle to remember which of my 30 different passwords I use for all the sites I use and would therefore be (effectively) forced to rely upon shared passwords, weaker passwords, or would have to save a list of them somewhere. This list probably wouldn't be protected by a master password and hence my security would be weakened as a result.

In short, I feel the ability to save passwords makes me more secure online, not less secure - to say nothing about convenience as well.

Security is a tough one. Tighten it up too much and you just result in people writing the passwords down in plain view - which defeats the whole object.

[SvenG]

Security is a tough one. Tighten it up too much and you just result in people writing the passwords down in plain view - which defeats the whole object.

It might in worst case end up, and that is something I have seen personally, with people writing it down on a piece of paper and stick it to the edge of their computer screen (single user computer but an office that was more or less public). In the end, the web masters will always come to a point where they cannot control what the user does.

[Night Wing]

Security is a tough one. Tighten it up too much and you just result in people writing the passwords down in plain view - which defeats the whole object.

I've got about 30 sites with 12-14 character passwords for each of them. But, I don't use Roboform. Basically, I'm old school. I write my passwords down in a small log book, but I don't keep it out in plain view. I put the log book in a draw in another room underneath a few items so even it the draw is open, the log book can't be seen.

This way, if Roboform isn't working for whatever reason when a browser updates (Pale Moon or Firefox), it doesn't affect me in any way.

There's still a good use for paper and pen in the "paper empire".

[LoveNewBrowser]

And I repeat, a shared environment computer requires it to be properly set up.

I agree, but reality shows that this is rarely the case. This article is good read: http://www.computerworld.com/s/article/ ... lame_users
We can't just put all the decisions into the user's hands and then blame the dumb user if stuff goes wrong. Here I want to make a web app a wee bit more secure and browser developers do not let me do it. Why? The standard provides the tools to do it, in fact, it is about as simple as it could reasonably get.
As with everything, I strongly suggest an opt-in approach for everything. I'd be fine with having a user explicitly enter a domain to a list to be included for password management. Yes, that is more work for the user, but it will force users to put more thought into it than just click a button. The user is often the weakest link for good or bad reasons, not the best place to concentrate all decision power, especially when it comes to security.

[Trippynet]

The problem with this is that such a change will not necessarily improve security at all (see my points above), it will make a couple of developers feel a bit better, but will annoy significantly more users.

I cannot see why MoonChild would change a feature when the current one is compliant, the change would annoy users, and would also provide very questionable benefit.

[Sob__]

It's funny and sad at the same time. We have people using shared computers and when asked if their valuable password should be remembered, they see no problem with that and say yes. And we're asking how to protect them. Shouldn't we rather ask if they should be allowed to use computers at all?
I mean, of course they should, but let them make mistakes and learn from them. It works this way with everything else, driving a car, crossing street, using knife, ... everything. Who came with the idea that with computers it should be different and the only required skill should be an ability to find power switch? If it goes this way, it can't end well.

[Moonchild]

And I repeat, a shared environment computer requires it to be properly set up.

I agree, but reality shows that this is rarely the case. This article is good read: http://www.computerworld.com/s/article/ ... lame_users
We can't just put all the decisions into the user's hands and then blame the dumb user if stuff goes wrong.

I beg to differ.

One of the main driving forces behind Pale Moon's direction is that the user is in control and the user has choice. If you are looking for a browser that caters to breeding more ignorance by taking away choice and "protecting" the user from all potentially wrong use, including bad setups by the people who should know better (e.g. admins of shared environment computers), who most definitely CAN be blamed for not doing their job, then you should look for a different browser and you're in the wrong place here.

EDIT: and if it's "rarely the case" that people actually read choice boxes and rarely the case that people don't set up shared environments, then it's about time that this changes, don't you think? Pale Moon wholeheartedly supports promoting such a change for the better. If this is made into a discussion about principles, which it seems to have, then this is Pale Moon's founding principle in this matter.

[Trippynet]

It's funny and sad at the same time. We have people using shared computers and when asked if their valuable password should be remembered, they see no problem with that and say yes.

You are aware I presume that the password manager can be easily turned off in Pale Moon?

If users have their own logins and Windows profiles, the password manager is no security risk at all (unless of course you do something daft and set them all up with Administrator access to each other's profiles). If it's a shared login, turn the password manager off.

This is the root of the issue here. If it's a shared user environment with a shared logon, you (or whoever manages the machines) have to take some responsibility for configuring and locking the systems down in a different way to what you'd do for single-user systems. You cannot just expect that programs will intentionally cripple the user experience for everyone and lock everything down completely just to save you the hassle - annoying countless other users in the process. There are thousands of preferences in Pale Moon (and Firefox) which control how the browser works. You can set these and lock them down without too much trouble. Also, check out about:permissions as well as you can easily disable the password manager for all sites from here as well.

This way, you get to lock the browser down in a way that suits you for the machines you deal with, and I still get the choice to save my online passwords, regardless of what some unknown developer thinks I should do.

[squidbe]

We can't just put all the decisions into the user's hands and then blame the dumb user if stuff goes wrong. Here I want to make a web app a wee bit more secure and browser developers do not let me do it. Why?

Because of this:

One of the main driving forces behind Pale Moon's direction is that the user is in control and the user has choice.

And thank goodness!

LoveNewBrowser, I work in a corporate environment where I'm sitting behind a firewall, and my laptop has a required login upon boot/wake as well as a built-in (and not overridable) 10-minute-idle-time screen lock. I want to save passwords as much as possible .

I'd be curious to know if there are reliable stats on which types of users in which types of environments are actually victims of password theft from their own computers. I'd venture a guess that those most likely to be victims are least likely to be in environments where there's someone who actually wants to try to break into their system and view passwords. But that's just a guess, of course.

In any case, as Moonchild stated, this is a browser aimed at informed users, and I'm very thankful that it exists.

[opera1217b1863]

...as Moonchild stated, this is a browser aimed at informed users...

+1
I always said - because PM is not "an average browser suitable for unwashed masses" - PM audience is far from being computer-illiterate.
Such an audience needs more functionality to be built-in rather than to depend on band-aids and/or add-ons.
More focus should be on manageability of PM from one central point (a local admin should be able to set the level of security below which no mortal users could lower the defenses in their profiles).

[Moonchild]

In any case, as Moonchild stated, this is a browser aimed at informed users, and I'm very thankful that it exists.

I'd actually prefer to say that I don't aim to cater to ignorance. Subtle difference maybe, but I'd rather say that people should use common sense and be willing to learn and become informed if they aren't informed yet. Pale Moon is very much a browser for everyone, not just power users or people who already know what they are doing in detail. I just don't aim for the lowest common denominator like other browsers seem to try. I assume that people looking for alternative browsers have enough experience with the Internet and computers to make at least somewhat informed decisions, and yes, the user has responsibility for their own use of the browser. It's about striking a balance between making it sufficiently easy for anyone to use, but with a low enough threshold for people to learn more and customize/configure it the way they want.

[squidbe]

I'd actually prefer to say that I don't aim to cater to ignorance. Subtle difference maybe, but I'd rather say that people should use common sense and be willing to learn and become informed if they aren't informed yet.

Fair distinction. I just didn't wanna be that blunt.

[Pale Face]

Since Firefox dropped its "Ask Me Every Time" cookies option, I've been looking for another browser that respects my need for control and privacy (insofar as either or both are privacy amid the majority belief that Internet users effectively/voluntarily surrender the right to both.

Still, I am disappointed to find that Pale Moon does not include the autocomplete feature.

Since I care more about Internet privacy than many who use the autocomplete feature, I carefully watch what personal information populates as I result of what I "program" and override portions of the forms I seek to complete when I so choose, before I hit "send."

That's what everyone for whom autocomplete is an issue should do, in the absence of the ability to toggle a default autocomplete option on or off.

Autocomplete is a time-saver that does not have to compromise privacy. Its availability should be a function of all browsers and its use should be user's/account-holder's call.

[lyceus]

Since Firefox dropped its "Ask Me Every Time" cookies option, I've been looking for another browser that respects my need for control and privacy (insofar as either or both are privacy amid the majority belief that Internet users effectively/voluntarily surrender the right to both.

Please stay on topic. If you need to discuss Firefox autofill feature you can either post in a proper thread or start a new one if needed.

[Moonchild]

off-topic necroposting. Please stick to board rules.