Hacker News new | ask | show | jobs
by akjj 4099 days ago
The argument against this is that a URL starting with https means something, at least to some users and your proposal would undermine that. When I want to go to my bank, I type chase into the address bar and choose one of the suggestions that starts with https and then go about my business. Maybe I should be paying attention to whether or not there's a green lock in the upper left and maybe I'd notice if it were missing, but I don't intentionally look for for the lock. In your proposed change, the absence of a lock icon would be the only way I'd notice if my connection were being MITM'ed. So, in that way it would be making the web less secure for users who are entering an https URL and expect it to be secure.

That's what's attractive to me about Firefox's opportunistic encryption proposal. It really makes no change in the UX compared to an unencrypted connection, not in the URL and not in the time to connect.
1 comments
untog 4099 days ago
I'd be interested to know how many users notice the HTTPS as opposed to the padlock. After all, no-one types the "http" in a web address anyway.
link
rdtsc 4098 days ago
There are different classes of users. Above average users will notice.

My mom for example won't notice. She doesn't know what a URL bar is. She doesn't even look at that place. She clicks on her toolbar for Gmail and other sites she uses. She wouldn't care if it said http:// https:// or foobar://. She will be scared and be afraid to proceed if she would see the "Warning, untrusted certificate!" dialog.

My wife knows something about http vs https. If it says https she knows it is safe to type in her credit card number. https means "secure". But she doesn't know about authentication vs encryption. And will be equally scared about "Warning, untrusted certificate!" dialog. That might as well say "Your computer is hacked and you have a virus".

Anyway just giving a perceptive on how this affects different classes of users. As I put it in another post, it is in large about the UI.

link
deckiedan 4098 days ago
How about an open padlock? If I saw that my initial reaction would be "WFT?", mouse-over it, and then get a dialog explaining it.
link