[cap-talk] A petname toolbar for Firefox

Ka-Ping Yee cap-talk at zesty.ca
Mon Feb 21 19:43:40 EST 2005 

On Mon, 21 Feb 2005, Tyler Close wrote:
> On Feb 18, 2005, at 5:35 PM, Jed at Webstart wrote:
> > To get effective protection from such a mechanism I believe it
> > important that there be some mechanism to warn a user if they enter
> > data into a site that is "untrusted".
[...]
> Ping has also suggested this more intrusive form of warning. I am still
> unsure about it. At first, it seems like a good set of training wheels
> to encourage use of the petname toolbar. Further thought makes the idea
> seem more dubious.
>
> The user should *not* make a petname for every site he interacts with,
> only for the sites for which he extends some trust. A dialog which
> forces the user to create a petname for an untrusted site creates a
> misunderstanding of the purpose of the petname toolbar and builds bad
> user habits. It also has the side-effect of making the petname toolbar
> seem like an annoying bit of homework that constantly pesters the user.

I have suggested (and continue to support) non-interrupting notification,
but "a dialog which forces the user to create a petname for an untrusted
site" is *not* the intrusive form of warning i have suggested.  I've
argued previously, in agreement with Tyler, that a prompt interrupting
the user's workflow and encouraging the user to assign petnames would
defeat the purpose of a petname system.

The form of notification i do support is a transient warning message.
By "transient" i mean a message that does not require user action to
dismiss; rather, it appears while relevant and disappears on its own.
I imagine such a message looking and behaving like a tooltip or an
autocompletion list.

While filling out a form on a site with no petname, i would like to see
a message appear below the entry field that says something like "Treat
this site as you would treat a stranger."  This message would appear as
soon as the cursor is placed in the entry field and fade away by itself
after the keyboard focus leaves the entry field.

Similarly, while entering a password on a site that does not use SSL,
i would like to see a message appear below the password field that says
something like "This password will be visible to others as it travels
over the Internet."

In short, i agree with Jed that notification needs to be brought closer
to the focus of attention (which, during typing, is the form field).
I also agree with Tyler that this notification must not interrupt
workflow by demanding extra work from the user.  Hence the concept of
the transient warning message.


-- ?!ng

More information about the cap-talk mailing list