pinentry's new window titles could be more (less?) informative
Robert J. Hansen
rjh at sixdemonbag.org
Thu Sep 28 20:03:26 CEST 2017
> At any rate, normal humans don't want to see all that :P
> or maybe even just:
Normal humans still don't want to see all that. Sorry to be the bearer
of bad news. :(
Some years ago a friend of mine, Peter Likarish, devised a really neat
phishing detector for Firefox. Highly effective, very low false
positives: it was good stuff. He turned it into a Firefox plugin that
would put a red warning banner at the top of the browser if you were
apparently being phished.
In human trials (done at the University of Iowa in a formal
human-factors lab), precisely 0% of users benefited. They didn't even
see the banner. So he made it bigger: no change. When he made it
steadily grow to take over half the screen, people clicked the X to
dismiss it without even reading it -- clearly they saw the banner, but
they didn't read it. When asked in a post-interview what they thought
of it, the most common reaction was, "I thought it was a Flash ad! I
didn't even bother to read it!"
The lesson I take from that is we, as developers, tend to vastly
overestimate how much attention we're getting from users. Unless they
know a widget is relevant to them, most users ignore it on a level so
profound they don't even remember that widget existing.
So my question is, yes, I see what the intent is here: to give users
some assurance their PIN is being requested by the program they expect.
But I'm entirely unconvinced this is a sensible precaution.
I'd like to create a simple app called "gpg-helper" which would ask for
a pinentry window to pop up. If a significant fraction of our users can
see "gpg-helper" in the titlebar and realize "hey, wait, that's not
legit", then I think there would be a lot of merit in doing this.
Otherwise, we're talking about adding UI clutter to everyone's
experience in order to benefit only a few.
More information about the Gnupg-devel