New issue
Advanced search Search tips

Issue 901684 link

Starred by 2 users
Status: Available
Owner: ----
Cc:
rhalavati@chromium.org
susan.boorgula@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Feature
Team-Security-UX



Sign in to add a comment

"Not secure" warning in address bar not shown enough prominently in Incognito

Reported by george.a...@gmail.com, Nov 4 

Chrome Version       : 70.0.3538.77
OS Version: openSUSE Leap 15.0
URLs (if applicable) :
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari:
    Firefox:
    IE/Edge:

What steps will reproduce the problem?
1. Open incognito window
2. Visit some http-only URL
3. Compare with regular (non-incognito)

What is the expected result?
Good prominent "Not secure" warning in both modes.

What happens instead of that?
In incognito it is somewhat "dull" and with the same color of the URL. Can easily go unnoticed. A brighter red background behind the "Not secure" text would work better (for both modes).

Please provide any additional information below. Attach a screenshot if
possible.
(attached)
2018-11-05-00-31-17-screenshot.png
28.4 KB View Download

Comment 1 by swarnasree.mukkala@chromium.org, Nov 5

Labels: Needs-Triage-M70

Comment 2 by susan.boorgula@chromium.org, Nov 5

Cc: susan.boorgula@chromium.org
Components: UI>Browser>Omnibox
Labels: -Type-Bug -Pri-3 Triaged-ET Target-72 M-72 FoundIn-71 FoundIn-70 FoundIn-72 OS-Mac OS-Windows Pri-2 Type-Feature
Status: Untriaged (was: Unconfirmed)
Reporter@ Thanks for the issue.

As per the above description, this looks like a feature request for a brighter red background behind the "Not secure" text in Incognito mode.
Marking this as Untriaged for further updates from Dev.

Thanks..

Comment 3 by mpear...@chromium.org, Nov 12

Components: -UI>Browser>Omnibox UI>Browser>Omnibox>SecurityIndicators>VerboseChip
Handing over to UI>Browser>Omnibox>SecurityIndicators>VerboseChip folks for triage.

Comment 4 by emilyschechter@chromium.org, Nov 12 

Thanks for the request! 

We've seen that color is less important than having a unique icon shape and communicating with strings, particularly because colors don't mean the same things to everyone, and some people don't see color. https://www.usenix.org/system/files/conference/soups2016/soups2016-paper-porter-felt.pdf

IMO, in a world of limited design & eng resources, this is low priority. Once we roll out /!\ Not Secure to all HTTP, we should instead think about whether we should actually be doing something stronger with UI like a full-page block, etc, that will affect user behavior in a more impactful way.

Comment 5 by george.a...@gmail.com, Nov 13 

Not true. Human *peripheral* vision has evolved to be
less sensitive to small shapes and more sensitive to
color and light. Red (blood) in particular is an
instinctive signal for danger. That is so strongly
hard coded in us and there is a reason why it is used
in so many forms. So claiming that you have seen the
opposite contradicts human biology.

Changing a color doesn't require extra resources.
Meanwhile using a color which won't have any effect is
surely a wasted resource.

Comment 6 by george.a...@gmail.com, Nov 20 

One more note:

When using TOR http://<whatever>.onion is not marked
as secure but by design all onion services are
encrypted. Perhaps this needs to be addressed
somehow too.

Comment 7 by rhalavati@chromium.org, Dec 4

Cc: rhalavati@chromium.org

Comment 8 by cthomp@chromium.org, Dec 4

Labels: -Pri-2 Pri-3
Status: Available (was: Untriaged)

Sign in to add a comment