Increasing trust with privileged Firefox pages
23 July, 2013 § 3 Comments
For many years there has been an increased emphasis towards increasing the visibility of a website’s identity. Pages served over HTTP lack a verifiable identity, while pages served over HTTPS begin to have aspects of their identity verifiable.
When a page is viewed over a valid HTTPS connection, the web browser is able to verify the identity of the domain that it is communicating with. Firefox uses this information to place a “site identity” graphic next to the website’s URL. Clicking on this site identity graphic provides more information about the connection.
Clicking on the More Information button shows how often this website is accessed, in an effort towards building trust and pointing out potentially untrustworthy websites.
When a page is viewed over a valid HTTPS connection using an Extended Validation certificate, the web browser places the certificate’s Organizational Name between the site identity graphic and the website’s URL. With Extended Validation, the web browser not only can confirm the identity of the domain that it is communicating with, but it relies on the vendor who issued the certificate to have verified the identity of the owner of the website. Again, clicking on the More Information button in the site identity panel will show prior access information.
Within the past couple weeks a new site identity view was introduced. Now when visiting privileged Firefox webpages such as about:home, about:config, and about:addons, the site identity area will show a Firefox logo along with the “Firefox” name. Clicking on the either of these will show a panel that confirms to the user that this page is a secure Firefox page.
This feature is expected to reach users on our Release channel during the last week of October, 2013. If you’d like to play with it today you can download and install a build of Firefox Nightly.