GOV.UK Frontend is already fully open source [0] with comprehensive documentation [1] and GDS encourage community contributions, libraries and resources [2]. If there was any worry about phishing that would be a question for GDS.
This is impressive Matt, and I love the design system GDS has developed, but I'm not sure they want non-government services to use the system. From the second link you posted:
> Use this design system to make *government* services consistent with GOV.UK
Emphasis mine. Are GDS aware of this work? I am in no way affiliated with GDS by the way.
--
I'm always wary of this kind of thing not being on a gov.uk domain, which in this case is entirely appropriate because it's not in any way official or endorsed by GDS. Not for any direct phishing/crooks concerns as raised above, but because it waters down the impact of this kind of thing always being on gov.uk domains.
--
Edit: I'd be _very_ surprised if GDS don't take issue with you having "GOV.UK" in the name given that it is in no way associated with gov.uk
That's a good thing, because people need to learn how to really check the authenticity of a website and not base it on how it looks. See security by obscurity.
There's an old Microsoft study examining what might help users to not give crooks their credentials. The participants used their real credentials to attempt a real bank transaction, and Microsoft studied what might count as a red flag and stop them from attempting this transaction on a bogus site, variations in UI warnings, layout etc.
Nothing. Nothing you could do stopped users from persisting in their goal, despite all the red flags, humans get stuck on a mission, it's called "Get-there-itis" and it kills private pilots, it causes those "How could you be such a moron?" bridge strikes you see on YouTube, it's a defect in human psychology, you have to design knowing that this defect exists.
So what works? Brick Wall UX. When the user can't do the wrong thing they won't. They'll still try of course, but now they can't succeed (in giving their credentials to crooks).
Better yet, this creates the ability for prompts such as:
"Using design system from govukvue.org create an app that will [check for service] from [this gov.uk url] using the same hooks and design components to give me a dashboard of [benefits] [contacts_for_benefits] [these_other-compnents_to_query] as a Flask app and connect it to my [db] and give me a mobile first view - wrap it in a docker on my DO droplet, use the cred from the .env"
matteason|1 year ago
[0] https://github.com/alphagov/govuk-frontend
[1] https://design-system.service.gov.uk/
[2] https://design-system.service.gov.uk/community/resources-and...
londons_explore|1 year ago
Phishers probably wouldn't even bother using a vue component - it's easier to copy the whole page from dev tools body.innerHTML
baliex|1 year ago
globular-toast|1 year ago
unsupp0rted|1 year ago
tialaramex|1 year ago
dotancohen|1 year ago
samstave|1 year ago