Site security status
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Site security status
Okay folks, with the feedback I got so far I've come up with a few possible ways to indicate site security status in an unambiguous way. The overall suggestion to use a colored border around the address bar seemed to be a good idea which I've built on for these suggestions.
Also, considering Pale Moon still uses the status bar - putting the padlock back there (the old way of doing it) is also an option, with the advantage that a site can't "fake" security by having a padlock as a favicon (cheap trick, I know)
So, I've come up with the following:
Firefox's padlock icon (no favicon) + identity panel + border
Favicon + identity panel with padlock + border
Favicon + identity panel + border (Pale Moon 12 way + added border)
Favicon + identity panel + border + padlock in status bar
Any other suggestions to consider?
Also, considering Pale Moon still uses the status bar - putting the padlock back there (the old way of doing it) is also an option, with the advantage that a site can't "fake" security by having a padlock as a favicon (cheap trick, I know)
So, I've come up with the following:
Firefox's padlock icon (no favicon) + identity panel + border
Favicon + identity panel with padlock + border
Favicon + identity panel + border (Pale Moon 12 way + added border)
Favicon + identity panel + border + padlock in status bar
Any other suggestions to consider?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Site security status
Immediate thought on the last one - I don't have the status bar showing, what about it showing in the navigation bar next to the bookmark star? Failing that the second option "Favicon + identity panel with padlock + border" seems the best to me, I get the impression that people want to see the padlock.
Re: Site security status
Next to the bookmark star is an option too - I'm actually looking at integrating that padlock add-on functionality into Pale Moon at the moment, if the author of that is OK with with it.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Site security status
I think the most important feature for most people is the Padlock always showing on secure sites and that is my preference, but the non - Mozilla one. So the second option: Favicon + identity panel with padlock + border, then. Some might like it showing in the status bar aswell, would that be possible or maybe included as an option? Currently I have that option with the add - on I'm using.
Re: Site security status
I'll see about making a configurable option (through about:config) for placing the padlock in 4 places of choice:
- Right next to the favicon
- On the right of the identity panel
- On the right of the address bar (next to he bookmark star)
- In the status bar
- Right next to the favicon
- On the right of the identity panel
- On the right of the address bar (next to he bookmark star)
- In the status bar
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Site security status
I have just tested Palemoon 15.1 and the existing transient padlock system is no good.
I log into my bank and I see the Padlock and summary details of all my accounts - all is good.
I hold down the control key as I click on the first account and a new TAB opens;
I click on the new TAB and see account details - but the Padlock has vanished even though I still have secure https:\ to the same site;
I click on the previous TAB and again see all my summary details of all accounts - BUT no Padlock even though I still have secure https:\.
If I had to then I could live with a vanishing Padlock,
but for the benefit of the less technical members of my household I will not tell them to forget the standard safety rule of looking for a Padlock
and so will not upgrade them from Palemoon 12.3? until the padlock is no longer transient.
Regards
Alan
I log into my bank and I see the Padlock and summary details of all my accounts - all is good.
I hold down the control key as I click on the first account and a new TAB opens;
I click on the new TAB and see account details - but the Padlock has vanished even though I still have secure https:\ to the same site;
I click on the previous TAB and again see all my summary details of all accounts - BUT no Padlock even though I still have secure https:\.
If I had to then I could live with a vanishing Padlock,
but for the benefit of the less technical members of my household I will not tell them to forget the standard safety rule of looking for a Padlock
and so will not upgrade them from Palemoon 12.3? until the padlock is no longer transient.
Regards
Alan
Re: Site security status
It's a different logic.
If you have already logged in to the bank site, you know for a fact that you are on a secure site and the display of the lock is no longer necessary - If the site you logged in to is secure, then any links on that site are going to be trusted links.
You will still have an indication of the secure status with the colored identity panel confirming where you are.
It is, however, a shortcoming that opening a tab in the background won't show the lock (which is the only issue here). With the redesign I'm working on as shown mockups of here in this thread, that will no longer be an issue.
Pale Moon 12.3 has no padlock at all, by the way, so your rule of thumb won't do your family much good if they are looking for one.
If you have already logged in to the bank site, you know for a fact that you are on a secure site and the display of the lock is no longer necessary - If the site you logged in to is secure, then any links on that site are going to be trusted links.
You will still have an indication of the secure status with the colored identity panel confirming where you are.
It is, however, a shortcoming that opening a tab in the background won't show the lock (which is the only issue here). With the redesign I'm working on as shown mockups of here in this thread, that will no longer be an issue.
Pale Moon 12.3 has no padlock at all, by the way, so your rule of thumb won't do your family much good if they are looking for one.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Site security status
+1
Having a configurable option would be ideal, as that would suit everyone's preferences.
Portuguese translator of Pale Moon
Re: Site security status
haha. no way.
This is much more involved; 15.1.1 will be a performance and stability update only.
This is much more involved; 15.1.1 will be a performance and stability update only.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Site security status
In regards to this thread I would like to post my feedback here.
The situation in this mockup would be ideal for me:
The situation in this mockup would be ideal for me:
Users are always looking for the padlock so it's not done to remove it if you switch tabs. Although it has no use it gives a feeling of safety for most people. So I recommend to you that you always show the padlock on secure sites.Moonchild wrote: Favicon + identity panel with padlock + border
Re: Site security status
then when ? Just for me it's very importantMoonchild wrote:haha. no way.
This is much more involved; 15.1.1 will be a performance and stability update only.
Re: Site security status
Until Moonchild implements this try these fully configurable add-ons. Site Favicon In Urlbar: https://addons.mozilla.org/en-us/firefo ... src=search and Padlock: https://addons.mozilla.org/en-US/firefo ... lock-icon/aleks_123 wrote:then when ? Just for me it's very importantMoonchild wrote:haha. no way.
This is much more involved; 15.1.1 will be a performance and stability update only.
Edit: I've noticed an increase in memory useage with ''Site Favicon In Urlbar'' whilst not massive might impact performance on some systems. As an alternative, here is another add-on that achieves a similar effect, though not configurable it also allows you do away with the ''Padlock'' add-on. Favicon Restorer: https://addons.mozilla.org/en-US/firefo ... -restorer/
Last edited by steviem1 on 2012-09-21, 23:06, edited 1 time in total.
Re: Site security status
I like the first (Firefox's padlock icon (no favicon) + identity panel + border), but without border.
And maybe replace the icon with the lock from the other pictures. Like this:
A lock is a better security icon.
And maybe replace the icon with the lock from the other pictures. Like this:
A lock is a better security icon.
Re: Site security status
I much prefer this :-
I like the close proximity of the Padlock to the "https:"
With a single glance I can see that I have a Secure protocol link,
and hopefully a locked padlock to indicate adequate encryption strength and a valid certificate,
with something other than a locked padlock if security is not what it should be.
Regards
Alan
I like the close proximity of the Padlock to the "https:"
With a single glance I can see that I have a Secure protocol link,
and hopefully a locked padlock to indicate adequate encryption strength and a valid certificate,
with something other than a locked padlock if security is not what it should be.
Regards
Alan
Re: Site security status
I'm leaning towards alan9182's look, but most of all the more important thing is to be able to configure it at will.
Portuguese translator of Pale Moon
Re: Site security status
I logged into Facebook today and saw blue "facebook.com" words in text to the left of my URL and found it weird. Pushing my URL to the right that much for https sites sort of throws me off, as it messes up the "continuity" of my navigation bar, and I'm not really sure why I need to see the text of the url twice (once in blue and once in the actual link) anyway. I don't believe the blue "facebook.com" text makes it feel safer. If it's not going to the real "facebook.com" site, shouldn't it just put a full page warning that the site is not safe and ask you if you really want to go there? I think just having a "lock icon" (that you can hover over to see the actual "facebook.com" text if you really want) would be more than enough. I'll probably look for how to turn this "identity panel" thing off. Just my opinion of course.
Re: Site security status
That's funny, because this has been the way Pale Moon has been doing it since v4. Only 15.0 didn't have it.ninaholic wrote:I logged into Facebook today and saw blue "facebook.com" words in text to the left of my URL and found it weird.
It will immediately show you which domain you are connected to, while you are looking at the start of the address bar anyway. Domain highlighting only goes so far (I personally turn that off, actually, since I find the grey too low contrast to comfortably read) and the domain, depending on length and number of sublevel names, can be anywhere in your address bar, not the quickest way. E.g., phishing sites may use www.paypal.com.something.somethingelse.phishingserver.net as a domain name. having "phishingserver.net" displayed right at the start of the address bar will immediately show you you aren't on paypal.comI'll probably look for how to turn this "identity panel" thing off. Just my opinion of course.
But, at least in Pale Moon you can switch it off, since I restored support for browser.identity.ssl_domain_display (The Firefox team removed it completely...)
Set browser.identity.ssl_domain_display to 0, and it won't display the domain name (with the proposed padlock implementation, you will just have the favicon and a padlock)
Set browser.identity.ssl_domain_display to 1 (default), and it'll display the root domain (e.g.: google.com)
Set browser.identity.ssl_domain_display to 2, and it will display the entire host name
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Site security status
Interesting! I uninstalled 15.1.1 and installed 12.3 to double-check, and low and behold you were right:Moonchild wrote:That's funny, because this has been the way Pale Moon has been doing it since v4. Only 15.0 didn't have it.
In PM 12.3:
In PM 15:
In PM 15.1.1:
So I guess it is just my color scheme that makes 15.1.1 look weird and all bunched up (I use this because my computer is normally on high-contrast mode). I think I will try your browser.identity.ssl_domain_display to 0 suggestion in 15.1.1 for now... thanks. It actually looks pretty good for me with the different colored border/box in 12.3 though!
As you say, I guess it also shows up in a different color (mine shows up as white so it's easy to see) in the domain name.