|
|
|
|
|
|
by olliej
2755 days ago
|
|
|
The status bar has never been a anti-phishing tech, and I would argue that if anything it aids phishing[1]. The thing that prevents phishing is the location bar. Also at that point in history phishing via fake urls was less of a problem - you could still trivially give the page a title (users only looked at the window title bar), and a copy of the verisign or thawte “secure page” graphic and you’d be set. [1] pretty much from day 1 of js existing IE allowed js control of the content of the status bar, click handlers on links can change the window location directly, etc. Even today the link for urls is still frequently javascript:... so what adding a status bar does do is add another thing that tells the user what a link is, leading to a false sense of trust a importantly a sense of trust that can lead to not paying attention to the one true thing in the window: the location bar. |
|
|