When you try to access https site and there's a problem with certificate, PM shows warning about untrusted connection (try e.g. https://77.75.76.3/ to see one). Its current appearance originates from FF and I guess the idea was to not scare beginners.
But when there's a problem, I need to see details to know what to do next. I need that every single time. So it means that every single time I have to click "Technical Details" to see required info.
And then in >90% cases the problem is result of current "https mania" ("oh no, http is not secure, I absolutely must have https on my blog, but I'm not going to pay for trusted certificate"). So most of the time I also have to click "I Understand the Risks" to get to "Add Exception..." button.
Proposed solution:
Remove a need to manually expand "Technical Details" and "I Understand the Risks". Show them both expanded by default. I see it as simple "undumbing" and I believe that even a complete beginner can't be scared by that.
More user friendly untrusted connection warning
Re: More user friendly untrusted connection warning
Thanks, that's actually a good suggestion considering the overall wording of the expanded sections; the problem is, though, that people are already too quick to "add exceptions" for sites when they don't fully understand the risks, so I'll have to clarify the risk of adding an exception if I expand it by default.
You can currently already expand them by default by setting browser.xul.error_pages.expert_bad_cert to true
You can currently already expand them by default by setting browser.xul.error_pages.expert_bad_cert to true
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Re: More user friendly untrusted connection warning
"There are sharks in the pool"
"Sharks bite"
"Do not go in the pool unless you want to get bitten"
"Are you sure you want to go in the pool with sharks?"
That's the amount of warnings that I see now for untrusted connections. You can add "shark bites hurt", but is that really necessary?
If it was up to me, I'd add another button next to "Add Exception...", called something like "I don't care, just let me in this one time", but I understand that it does not have any chance to pass. But that's fine, now with autoexpanding option, it's much better already.
One more idea, perhaps making "Permanently store this exception" not checked by default could be used against too quick clickers. If they did not read much, they would be reminded next time that something is still wrong. On the other hand, changing that may be just a pointless annoyance for the rest.
"Sharks bite"
"Do not go in the pool unless you want to get bitten"
"Are you sure you want to go in the pool with sharks?"
That's the amount of warnings that I see now for untrusted connections. You can add "shark bites hurt", but is that really necessary?
If it was up to me, I'd add another button next to "Add Exception...", called something like "I don't care, just let me in this one time", but I understand that it does not have any chance to pass. But that's fine, now with autoexpanding option, it's much better already.
One more idea, perhaps making "Permanently store this exception" not checked by default could be used against too quick clickers. If they did not read much, they would be reminded next time that something is still wrong. On the other hand, changing that may be just a pointless annoyance for the rest.
Re: More user friendly untrusted connection warning
You should care, because this warning is never given without a good reason, and you should verify the details before adding an exception (which is done in the exception dialog).Sob__ wrote:If it was up to me, I'd add another button next to "Add Exception...", called something like "I don't care, just let me in this one time"
It's an elaborate procedure for a reason because you should never add exceptions for certificates unless you are 100% aware of the risks involved for doing so (should only be done, ever, for self-signed certificates on your local network, never for internet).
As far as "I can't pay for my ssl certificate" that is not a valid reason - there are free ssl certificate procedures for anyone to use for a class 1 certificate (see e.g. StartSSL).
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Re: More user friendly untrusted connection warning
To clarify, I do care about security most of the time. But lets say that I search for something, I'm clicking through many results presented by search engine, just to find that most of them are useless. So it's tens and sometimes hundereds of pages. And if some of them use https with untrusted certificate, I really don't care at all and I just wish they used plain http.
Re: More user friendly untrusted connection warning
I agree there, but you make this a reflection on Pale Moon's security measures and them being there for a very good reason and in the form they are for a very good reason - you shouldn't do that. it's not Pale Moon's fault that people don't care to set it up properly and force you to make certificate exceptions.Sob__ wrote:To clarify, I do care about security most of the time. But lets say that I search for something, I'm clicking through many results presented by search engine, just to find that most of them are useless. So it's tens and sometimes hundereds of pages. And if some of them use https with untrusted certificate, I really don't care at all and I just wish they used plain http.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss