Re: [cap-talk] Re: First point of consensus
Ka-Ping Yee
cap-talk at zesty.ca
Wed Feb 9 16:16:14 EST 2005
On Wed, 9 Feb 2005, [iso-8859-1] Tyler Close wrote:
> I was *not* claiming any of the following:
> 1. The petname toolbar could be incorrectly implemented and still work.
> 2. The petname toolbar could be presented in the wrong context and still
> work.
> 3. The petname toolbar could not be undermined by new browser navigation
> mechanisms.
> 4. The petname toolbar requires no explanation or user training.
> 5. The petname toolbar is foolproof.
>
> Normally, I would expect all of the above to be understood. It seems
> unreasonable to ask that any UI feature require no training and be
> foolproof.
I didn't assume you were making any of these extreme claims. The
problem is merely that the assumptions you are making here are not
well-defined enough for me to confidently say that adding a petname
toolbar to an existing browser will prevent phishing. We don't
even know what it means to "correctly" design or implement petnames
yet. We don't know how it will interact with the user's use of
other navigation mechanisms.
And yes, i am remaining open to the possibility that adding the
petname toolbar without modifying anything else could do more harm
than good. (For example, if users just start assigning names to
everything out of habit, that could promote a false sense of trust.)
I find the form of the claim too broad. I think we may have a much
better chance of finding consensus by starting with simpler statements,
and building up from there. Here's an example i would support:
When a user uses a petname instead of a domain name to
identify a website, his or her vulnerability to misdirection
is significantly reduced.
-- ?!ng
More information about the cap-talk
mailing list