Site security status

[Moonchild]

Okay folks, with the feedback I got so far I've come up with a few possible ways to indicate site security status in an unambiguous way. The overall suggestion to use a colored border around the address bar seemed to be a good idea which I've built on for these suggestions.

Also, considering Pale Moon still uses the status bar - putting the padlock back there (the old way of doing it) is also an option, with the advantage that a site can't "fake" security by having a padlock as a favicon (cheap trick, I know)

So, I've come up with the following:

Firefox's padlock icon (no favicon) + identity panel + border


Favicon + identity panel with padlock + border



Favicon + identity panel + border (Pale Moon 12 way + added border)



Favicon + identity panel + border + padlock in status bar




Any other suggestions to consider?

[Rohugh]

Immediate thought on the last one - I don't have the status bar showing, what about it showing in the navigation bar next to the bookmark star? Failing that the second option "Favicon + identity panel with padlock + border" seems the best to me, I get the impression that people want to see the padlock.

[Moonchild]

Next to the bookmark star is an option too - I'm actually looking at integrating that padlock add-on functionality into Pale Moon at the moment, if the author of that is OK with with it.

[steviem1]

I think the most important feature for most people is the Padlock always showing on secure sites and that is my preference, but the non - Mozilla one. So the second option: Favicon + identity panel with padlock + border, then. Some might like it showing in the status bar aswell, would that be possible or maybe included as an option? Currently I have that option with the add - on I'm using.

[aleks_123]

Favicon + identity panel with padlock + border

+1

But here you can implement such an option?





Looks so beautiful

[Moonchild]

I'll see about making a configurable option (through about:config) for placing the padlock in 4 places of choice:
- Right next to the favicon
- On the right of the identity panel
- On the right of the address bar (next to he bookmark star)
- In the status bar

[alan9182]

I have just tested Palemoon 15.1 and the existing transient padlock system is no good.

I log into my bank and I see the Padlock and summary details of all my accounts - all is good.

I hold down the control key as I click on the first account and a new TAB opens;
I click on the new TAB and see account details - but the Padlock has vanished even though I still have secure https:\ to the same site;
I click on the previous TAB and again see all my summary details of all accounts - BUT no Padlock even though I still have secure https:\.

If I had to then I could live with a vanishing Padlock,
but for the benefit of the less technical members of my household I will not tell them to forget the standard safety rule of looking for a Padlock
and so will not upgrade them from Palemoon 12.3? until the padlock is no longer transient.

Regards
Alan

[Moonchild]

It's a different logic.
If you have already logged in to the bank site, you know for a fact that you are on a secure site and the display of the lock is no longer necessary - If the site you logged in to is secure, then any links on that site are going to be trusted links.
You will still have an indication of the secure status with the colored identity panel confirming where you are.

It is, however, a shortcoming that opening a tab in the background won't show the lock (which is the only issue here). With the redesign I'm working on as shown mockups of here in this thread, that will no longer be an issue.

Pale Moon 12.3 has no padlock at all, by the way, so your rule of thumb won't do your family much good if they are looking for one.

[tribaljet]

Favicon + identity panel with padlock + border

+1

But here you can implement such an option?





Looks so beautiful

+1

Having a configurable option would be ideal, as that would suit everyone's preferences.

[aleks_123]

It will be realized in PM 15.1.1 ?

[Moonchild]

haha. no way.
This is much more involved; 15.1.1 will be a performance and stability update only.

[Marcoevich]

In regards to this thread I would like to post my feedback here.

The situation in this mockup would be ideal for me:

Favicon + identity panel with padlock + border

Users are always looking for the padlock so it's not done to remove it if you switch tabs. Although it has no use it gives a feeling of safety for most people. So I recommend to you that you always show the padlock on secure sites.

[aleks_123]

haha. no way.
This is much more involved; 15.1.1 will be a performance and stability update only.

then when ? Just for me it's very important

[steviem1]

haha. no way.
This is much more involved; 15.1.1 will be a performance and stability update only.

then when ? Just for me it's very important

Until Moonchild implements this try these fully configurable add-ons. Site Favicon In Urlbar: https://addons.mozilla.org/en-us/firefo ... src=search and Padlock: https://addons.mozilla.org/en-US/firefo ... lock-icon/

Edit: I've noticed an increase in memory useage with ''Site Favicon In Urlbar'' whilst not massive might impact performance on some systems. As an alternative, here is another add-on that achieves a similar effect, though not configurable it also allows you do away with the ''Padlock'' add-on. Favicon Restorer: https://addons.mozilla.org/en-US/firefo ... -restorer/

[dark_moon]

I like the first (Firefox's padlock icon (no favicon) + identity panel + border), but without border.

And maybe replace the icon with the lock from the other pictures. Like this:


A lock is a better security icon.

[alan9182]

I much prefer this :-


I like the close proximity of the Padlock to the "https:"
With a single glance I can see that I have a Secure protocol link,
and hopefully a locked padlock to indicate adequate encryption strength and a valid certificate,
with something other than a locked padlock if security is not what it should be.

Regards
Alan

[tribaljet]

I'm leaning towards alan9182's look, but most of all the more important thing is to be able to configure it at will.

[ninaholic]

I logged into Facebook today and saw blue "facebook.com" words in text to the left of my URL and found it weird. Pushing my URL to the right that much for https sites sort of throws me off, as it messes up the "continuity" of my navigation bar, and I'm not really sure why I need to see the text of the url twice (once in blue and once in the actual link) anyway. I don't believe the blue "facebook.com" text makes it feel safer. If it's not going to the real "facebook.com" site, shouldn't it just put a full page warning that the site is not safe and ask you if you really want to go there? I think just having a "lock icon" (that you can hover over to see the actual "facebook.com" text if you really want) would be more than enough. I'll probably look for how to turn this "identity panel" thing off. Just my opinion of course.

[Moonchild]

I logged into Facebook today and saw blue "facebook.com" words in text to the left of my URL and found it weird.

That's funny, because this has been the way Pale Moon has been doing it since v4. Only 15.0 didn't have it.

I'll probably look for how to turn this "identity panel" thing off. Just my opinion of course.

It will immediately show you which domain you are connected to, while you are looking at the start of the address bar anyway. Domain highlighting only goes so far (I personally turn that off, actually, since I find the grey too low contrast to comfortably read) and the domain, depending on length and number of sublevel names, can be anywhere in your address bar, not the quickest way. E.g., phishing sites may use www.paypal.com.something.somethingelse.phishingserver.net as a domain name. having "phishingserver.net" displayed right at the start of the address bar will immediately show you you aren't on paypal.com

But, at least in Pale Moon you can switch it off, since I restored support for browser.identity.ssl_domain_display (The Firefox team removed it completely...)
Set browser.identity.ssl_domain_display to 0, and it won't display the domain name (with the proposed padlock implementation, you will just have the favicon and a padlock)
Set browser.identity.ssl_domain_display to 1 (default), and it'll display the root domain (e.g.: google.com)
Set browser.identity.ssl_domain_display to 2, and it will display the entire host name

[ninaholic]

That's funny, because this has been the way Pale Moon has been doing it since v4. Only 15.0 didn't have it.

Interesting! I uninstalled 15.1.1 and installed 12.3 to double-check, and low and behold you were right:

In PM 12.3:


In PM 15:


In PM 15.1.1:


So I guess it is just my color scheme that makes 15.1.1 look weird and all bunched up (I use this because my computer is normally on high-contrast mode). I think I will try your browser.identity.ssl_domain_display to 0 suggestion in 15.1.1 for now... thanks. It actually looks pretty good for me with the different colored border/box in 12.3 though!

As you say, I guess it also shows up in a different color (mine shows up as white so it's easy to see) in the domain name.