Comments on: Informed choices and real security

By: jpr blog » Blog Archive » Security Usability

jpr blog » Blog Archive » Security Usability — Thu, 03 May 2007 03:27:08 +0000

[...] Bryan, another good paper [...]

By: Bryan Clark › The Untrusted Certificate Dialog

Bryan Clark › The Untrusted Certificate Dialog — Wed, 02 May 2007 16:16:59 +0000

[...] of good comments on my post about informed choices and real security, it would be nice to see some good open source solutions out there. And I’m glad I [...]

By: Bryan Clark

Bryan Clark — Wed, 02 May 2007 14:11:15 +0000

@johan: Well actually in practice most people are just going to click OK no matter what. The person’s intention was to visit the web page so using an ugly dialog as a speed bump doesn’t actually do anything. And like you say the worst part is that most of the time it’s just a stupid site error and not something evil going on.

@stephen: Yeah, that’s usually the reason behind these things. If they just let you go straight there and something bad happened the browser creators might face some fault. I have a post I’ll put up soon examining the current certificate dialog. Mostly my suggestion is to stop using dialogs as speed bumps and just subtly inform people of the issue. To protect themselves from legal issues and to protect their users from phishing browser creators should look towards a better system of rating sites similar to the things nate shared.

By: Bryan Clark

Bryan Clark — Wed, 02 May 2007 14:03:32 +0000

@nate: Thanks for the link! That’s the kind of thing that we could be doing for free software. It would be naive to build a system that simple trusted everyone’s evaluations of the site, you’d probably need some kind of reputation of users ranking sites built into it. And that’s where the innovation is needed most!

@bma: exactly, you can’t just have a this site is and always is safe. You’d probably need a real time listing, maybe using trends to examine if people are begining to mark the site unsafe.

@joe: And that’s part of the problem with stopping people to ask if they want to visit the site. Informing someone that there is an issue with the certificate doesn’t mean to you have to interrupt them and ask them to evaluate it’s validity.

By: Stephen Smoogen

Stephen Smoogen — Wed, 02 May 2007 03:48:49 +0000

The assumption of the web browser is that if the certificate is bad ask the user if it’s ok to continue. That means the creators of the web browser have to hope for only a 10% chance of getting the right answer from the user. Those are really bad odds.

Actually the creators of the web browser are probably thinking to themselves… shit if we dont put up some sort of warning we could get sued. And this doesnt have to be the lawyers of the company.. I remember a similar warning was proposed by developers at another browser company because they were worried about possible liability.

Another problem though is that developers are very rarely UI or behavioral specialists. And for the vast majority of developers.. their brains do not work in ways that are useful for usable UI design.

They will put in something that means useful information for themselves.. because normally the first audience they write for are people like them.. when a product becomes mainstream a different set of people are using the product who have no idea what all that text meant. But trying to program for that set is incredibly hard, because a lot of the time, they dont’ know what they want until they get it (and they will put up with bad stuff because they its better than crap stuff they had before.)

So how to fix the problem? I don’t know. My brain doesnt do well with GUI’s in the first place.. so the original warning screen was perfect for me. However, I do realize that something has to work for the rest of the world.

By: Johan

Johan — Wed, 02 May 2007 01:29:23 +0000

“That means the creators of the web browser have to hope for only a 10% chance of getting the right answer from the user.”

It does not mean that. Those who don’t understand will make a random choice, which, assuming a binary decision, puts the total probability of getting the right answer at 55%.

I’m somewhat skeptical of SSL certificates as an indication of the safety of a site, anyway. In many cases, the presence of a valid certificate simply means that the site owner has been willing to give a few bucks to Thawte or whoever, nothing more.

By: Joe Buck

Joe Buck — Wed, 02 May 2007 00:15:35 +0000

In the case of SSL certificates, it is extremely common to get complaints either because it appears that the name on the certificate differs from the site, or the certificate is self-signed. Either way, 99.9% of the time this is no big deal, and making the browser or other app refuse to talk to the site is a very bad idea. Tell the user once, at most, then shut up and connect.

By: bma

bma — Tue, 01 May 2007 23:38:56 +0000

Of course, if many people mark a site as being trustworthy and it then suddenly becomes untrustworthy, then even though the broken certificate warns you that the site is dodgy, there’ll still be thousands of people who claimed that the site is trustworthy.There’s also the possibility of fraudulent voting, as Nate mentions.

By: nate

nate — Tue, 01 May 2007 23:21:40 +0000

People already have that.
http://toolbar.netcraft.com/ is one example. There are a number of others, including, I think, Ie7 with a ranking system or maybe it’s heuristic check of the website in question. A few variations.

Also your making the assumption that people that are willing to click ‘this website is safe’ are the same sort of people that understand certs and are actually trustworthy. This is probably not a safe assumption.