URL highlighting

From MozillaWiki
Jump to: navigation, search

This is a summary of URL highlighting in Firefox 3 discussed in mozilla.dev.apps.firefox listing pros and cons. Feel free to add things that I have missed.

This is a summary. Discussions should take place in the newsgroup.

Goals (in prioritized order)

  1. Add support in the location bar for complex characters
  2. Help users understand "where" they are on the web
  3. Prevent homograph-style domain spoofing attacks (ie: bankofthevvest.com)
  4. Prevent subdomain-style domain spoofing attacks (ie: paypal.evil.com)
  5. Make the location bar more functional as a navigational aid

Constraints

  • can't replace URLs outright, they're too important in the way the web works
  • need to support existing copy, paste, select-portion-and-modify actions

General

  • con: URL highlighting adds more visual complexity, and the gain is questionable.
  • pro: make the TLD+1 stand out to make it easier to spot phishing.
    • con: those most vulnerable to phishing don't even look at the URL, thus making this ineffective.
    • con: The TLD+1 is not trustable for identification purposes.
      • con: When the TLD+1 is most trustable, the domain is already shown in the status bar
    • con: The users we are trying to help propably won't understand what the new formatting is for.
    • con: The more security/identity indicators we make, the more they will confuse users, and confused users are easier to attack.
  • pro: removing the sheme makes the URL simpler and easier to understand.
    • pro: When https is not shown, users won't be tricked into associating it with secure and they may start using the real security indicators.
    • con: The sheme may be useful information for some users.
      • pro: This information can be displayed elsewhere (eg www favicon for http/https, ftp favicon for ftp etc.).

Methods of highlighting TLD+1

graying out the rest of the URL
If the color is too light, the URL become unreadable, if the color is too dark, the the highlighting becomes invisible. When the color is medium light/dark, both apply.
making TLD+1 fat
draws too much attention to the URL. Some non-western characters become unreadable.
underlining TLD+1
Adds confusion because it looks like a link.
using different background color
May add too much visual disturbance. Adds confusion because it look like the text is selected.
using different color
Looks ugly. Bad for color blind people.
adding spacing around TLD+1
Makes part of the URL move on hover, cause visual disturbance. Makes it look like there actually is a space there.

Linkification of TLD+1

  • Makes it hard to edit that part of the URL.
  • Users may accidentally follow the link when they wanted to edit the URL.
  • Link may not allways result in something meaningful.
  • Almost all web sites has links to the home page in the top of the page making the link redundant.
  • Tries to solve a problem that does not exist (problem: it is hard to navigate back to the home page).