"Your connection is not private" possibly should be "Your connection is not secure" instead
Reported by
93m4qau...@gmail.com,
Jan 4 2018
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Steps to reproduce the problem: 1. Open a site with invalid HTTPS. 2. See Chrome's "Your connection is not private" warning screen. 3. Think to yourself "I don't need it to be private". 4. Just click through it. 5. Later, forget that it was insecure and enter your credit card and make a transaction. What is the expected behavior? I think that "Your connection is not secure" might possibly be more influential than "Your connection is not private", because sometimes people think "I don't need it to be private". What went wrong? The "Your connection is not private" message sometimes causes people to just click through it and think "I don't need it to be private" even though it is a security issue and not just a privacy issue. Did this work before? N/A Chrome version: 63.0.3239.132 Channel: stable OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: I have actually witnessed someone do this, and I know they will not be the only one to do this.
,
Jan 5 2018
,
Jan 5 2018
,
Jan 7 2018
Thanks for the suggestion. The strings on HTTPS error pages were chosen carefully and experimentally, so I don't think we'll be making changes to them without significant study and experimentation. Please see https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43265.pdf for some more background. |
||||
►
Sign in to add a comment |
||||
Comment 1 by sc00335...@techmahindra.com
, Jan 5 2018Labels: -Type-Bug Needs-Triage-M63 Triaged-ET OS-Linux OS-Mac Type-Feature
Status: Untriaged (was: Unconfirmed)