“This web site does not supply identity information”…
…Which is by far one of the most vague and most easily misunderstood tooltip notices you could present to any user; Even an experienced one. And I’m quite surprised this little gem went unnoticed by me all this time in Firefox, if it weren’t for the my accidental hover over the icon left of the URL bar after I upgraded to 3.5 recently.
Normally, this sort of wording problem goes unnoticed until pointed out and then fixed quickly. Alas, I found an amusing discourse on mozillaZine (that started March of last year) which prove once again, some people may also need Midol along with their antacids before accepting a seemingly obvious point.
The notice serves no worthwhile purpose for the vast majority of web users unless they’re submitting a form or need secure access for another purpose. And it shows a lack of foresight when it comes to user interactions as they could have easily worded this in a far more intuitive way.
Back to that forum thread…
The original post was : ”So how should a server admin provide this information?”
A fair and reasonable question.
Unfortunately it all degenerates into SSL vs EV SSL, the domain “shortcomings” at not providing encryption (I didn’t realise this was a prerequisite for all connections and form fields), there was an argument about one thing, but there isn’t an argument something else… etc… etc… All of which have no bearing whatsoever on the above poorly worded notification, but of course, the drama queens arrive crying foul at any arguments to the contrary. Relabel an analogy as being a straw-man argument. That always works.
How this all ended this way is a good example of why Firefox community branches could use a good pruning… And some neutering too, perhaps. In fact most of the open source community use a good helping of humble pie on occasion. Is how you’re personally perceived as a developer more important than getting a quality product out? And when pointed out an obvious shortcoming, is ignoring, or worse yet, nagging the messenger really the appropriate reaction?
Well that’s all well and good, but here’s my suggestion :
When submitting user data, it’s helpful to have a notification in the URL bar on whether the connection is secure. Particularly when submitting form fields. However, the notification must be unambiguous or at least be as clear as possible for the average user with no knowledge of secure connections, encryption and such.
And your definition of “clear” doesn’t apply to everyone else. Be aware that you’re creating a product for the masses so it’s the masses’ opinion that counts.