pinentry's new window titles could be more (less?) informative

Robert J. Hansen rjh at
Thu Sep 28 20:03:26 CEST 2017

> At any rate, normal humans don't want to see all that :P


> or maybe even just:
>     thunderbird

Normal humans still don't want to see all that.  Sorry to be the bearer
of bad news.  :(

Some years ago a friend of mine, Peter Likarish, devised a really neat
phishing detector for Firefox.  Highly effective, very low false
positives: it was good stuff.  He turned it into a Firefox plugin that
would put a red warning banner at the top of the browser if you were
apparently being phished.

In human trials (done at the University of Iowa in a formal
human-factors lab), precisely 0% of users benefited.  They didn't even
see the banner.  So he made it bigger: no change.  When he made it
steadily grow to take over half the screen, people clicked the X to
dismiss it without even reading it -- clearly they saw the banner, but
they didn't read it.  When asked in a post-interview what they thought
of it, the most common reaction was, "I thought it was a Flash ad!  I
didn't even bother to read it!"

The lesson I take from that is we, as developers, tend to vastly
overestimate how much attention we're getting from users.  Unless they
know a widget is relevant to them, most users ignore it on a level so
profound they don't even remember that widget existing.

So my question is, yes, I see what the intent is here: to give users
some assurance their PIN is being requested by the program they expect.
But I'm entirely unconvinced this is a sensible precaution.

I'd like to create a simple app called "gpg-helper" which would ask for
a pinentry window to pop up.  If a significant fraction of our users can
see "gpg-helper" in the titlebar and realize "hey, wait, that's not
legit", then I think there would be a lot of merit in doing this.
Otherwise, we're talking about adding UI clutter to everyone's
experience in order to benefit only a few.

More information about the Gnupg-devel mailing list