There's something about their favicon being the default green lock ( https://https.cio.gov/assets/favicon.ico ) that unsettles me. It feels like a social engineering trick.
That's an interesting point. I'll be straight, it's lifted right from https://istlsfastyet.com. And cio.gov is in the HSTS preload list [1] so (once the list makes it into stable channels) the chances of the domain being downgraded to plaintext are pretty low. But I had not thought of that angle. Hmm.
I wasn't calling it a social engineering trick, more that it just felt like one. To the average person they wouldn't second-guess the icon. To those who believe in HTTPSAllTheThings, we question anything out of the ordinary... and that little padlock shouldn't appear in the tab.
As I said, it just felt weird, sort of the same feeling you get when you go to Apple or YouTube and there's a warning on the lock icon. You just want to hit the back button almost instantly fearing something dodgy is happening.
From what I was reading, the removal of the favicon in Safari was more just a UI redesign decision to remove "clutter". Personally I don't find a 16x16 icon too intrusive, but hey, whatever floats their boat. I was hoping that it was as you said, and was to prevent maliciously designed favicons from tricking users on plaintext sites (where the protocol had been stripped by the UI) into thinking they were on a secure site.
I don't use Safari, so I don't know how they render their address bar.
konklone|11 years ago
[1] https://18f.gsa.gov/2015/02/09/the-first-gov-domains-hardcod...
kysol|11 years ago
LeoPanthera|11 years ago
kysol|11 years ago
schoen|11 years ago