X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Where did the Secure Site Icon go ?

Posted

I know the status bar was removed and an and on bar replaces it but Where did the Secure Site Icon go ? Will not use FF without it !

I cant find anything about it. ( FF 40b7 ) How do I get it back ? Not so little things like this will hurt FF. And YES I understand this is beta but come on guys/gals this is IMPORTANT ! I probably just missed something stupid but I could use some help please.

Additional System Details

Installed Plug-ins

  • np-mswmp
  • Shockwave Flash 10.1 r102
  • Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Windows Activation Technologies Plugin for Mozilla
  • Office Authorization plug-in for NPAPI browsers
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Adobe PDF Plug-In For Firefox and Netscape 10.0.0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7) Gecko/20100101 Firefox/4.0b7

More Information

FF 40b7

the-edmeister
  • Top 10 Contributor
  • Moderator
3195 solutions 24391 answers

The "Site Identity button", which provides a lot more pertinent information about a web site, was introduced in Firefox 3, and was used along with the "Security Lock icon"; that "Lock icon" was finally removed from Firefox 4 versions.
https://support.mozilla.com/en-US/kb/Site+Identity+Button
http://www.dria.org/wordpress/archives/2008/05/06/635/

Many of us long time users aren't happy with the lock being gone either, and have asked a few extension developers about restoring that feature via an extension. Well that ain't gonna happen, because the "internal coding" for that "Security Lock" feature was removed from Firefox.

gluxon 0 solutions 11 answers

This is taken from one of the links above.

There is a major problem with the padlock, however, in that a lot of people believe that it means more than it really does. I certainly thought so until I had a long chat with Johnathan Nightingale (Mozilla’s security UI guru and lead imagineer for this feature) who explained to me that the padlock simply means “encrypted” rather than “safe”. Where the padlock has a very specific meaning related to browser security, I had given it a deeper, broader meaning that it didn’t really deserve.

All the padlock means is that the web page is using HTTPS (Hyper-Text Transfer Protocol Secure). It's almost useless, since you can easily see if a website (such as this one) is using HTTPS by looking at the url bar, or checking if the web site's domain is extended into the favicon.

If you really want it, the padlock is still there if you click on the favicon/domain button.

the-edmeister
  • Top 10 Contributor
  • Moderator
3195 solutions 24391 answers

Helpful Reply

gluxon,

Users are used to seeing a lock in either the Statusbar or the URL bar. The details in that article are too complicated for the "average" user to understand. The "lock" is understood by almost every user - move it, don't remove it.

Just about every other browser has used and is still using a lock icon to indicate a "secure" website. Opera 11 and IE9 are replacing the website icon at the left side of the URL bar with a lock icon, which makes more sense than the way Firefox 4 is doing it. Opera and IE are moving that lock from the right-side of the URL bar as Opera 10 and IE8 are now configured. Click the lock icon and the security information box appears.

Firefox is probably the only browser that is "hiding" that lock in the "box" that opens with clocking the Site Identity Button.

Modified by the-edmeister

lamybouc 0 solutions 1 answers

Helpful Reply

Every financial institution (bank, credit union,...), every news outlet (print/TV/Radio/blog) reaches out to millions of elderdly folks and other non-geeks and tells them to run away as soon as they dont see a Key or Lock on a secured page (or maybe so-called secured page from what I get you are trying to push through).

This is a major Change Management disaster waiting to happen... Not just for Firefox but for every web site using secure transactions. Countless organisations are going to get calls from users telling them, "Your site is not secured, Oprah and CNN told me so".

Go for color scheme or other visual indicator to warn of security level, but absolutely dont lose the icon !

Regards, Stephane

sjschultze 0 solutions 3 answers

For what it's worth, I submitted a bug: https://bugzilla.mozilla.org/show_bug.cgi?id=620456

I'm not sure they're going to pay attention to it, given that the issue was also raised here: https://bugzilla.mozilla.org/show_bug.cgi?id=574688#c130

the-edmeister
  • Top 10 Contributor
  • Moderator
3195 solutions 24391 answers

sjschultze,

I voted for the Bug you filed and posted my own comments. IMO, this is a "blocker" for Firefox 4.0 and a major UI flaw. Users expect to see a "lock" - Firefox oughta show then the lock in the Location bar!

It's not something to be treated as an educational experience for users, by forcing then to learn about "Site Identity Button" and how much more informative it is vs. the "lock" icon alone.

sjschultze 0 solutions 3 answers

Here are the other relevant bugs I've found, as well as a thread I started on mozilla.dev.security.policy list:

https://bugzilla.mozilla.org/show_bug.cgi?id=558551

https://bugzilla.mozilla.org/show_bug.cgi?id=574688#c130

https://bugzilla.mozilla.org/show_bug.cgi?id=598973

https://bugzilla.mozilla.org/show_bug.cgi?id=619921

http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/c52b6de458ad54be#

This is not to discourage people from commenting more here, filing their own bugs if they feel strongly about this, commenting on existing bugs, or joining the m.d.s.p discussion.

Modified by sjschultze

sjschultze 0 solutions 3 answers

There's also a petition to bring back the status bar altogether: http://firefox.uservoice.com/forums/57440-firefox-4-beta/suggestions/1217833-bring-back-the-status-bar:

the-edmeister
  • Top 10 Contributor
  • Moderator
3195 solutions 24391 answers

I honestly don't think that petition is going to sway Mozilla into action for reinstating the Status bar.

The Mozilla developers seen to be enamored with Google Chrome and (seem to) want Firefox to look just like Chrome. Opera 11 seems to have a better concept with a functioning Statusbar, but it is more like SeaMonkey (with email functions) than it is like Firefox. Too damn many functions stuck on the Status bar that I'll never use - Opera Link, Opera Unite, & "Turbo".

mark2 4 solutions 94 answers

"I honestly don't think that petition is going to sway Mozilla into action for reinstating the Status bar. "

Neither do I,but it is true that they removed the much annoying Sync icon that was included by default a couple of betas ago-as for the padlock,even after the explanation of what does it really stand for,I believe it should be more visible nonetheless. The status bar is a different matter anyways,as you point out they're so inclined to model FX 4 after Chrome that they're apparently willing to risk some loss of functionality (another example,the history dropdown marker

https://bugzilla.mozilla.org/show_bug.cgi?id=610233

https://bugzilla.mozilla.org/show_bug.cgi?id=606286)

But I have to say the Status4evar addon does a good job of restoring the lost functionality,sometimes is even better IMO.

the-edmeister
  • Top 10 Contributor
  • Moderator
3195 solutions 24391 answers

IMO, Mozilla should replace the website icon that appears in the Site Identity Button with a "lock" on HTTPS websites, as done with Opera11 and IE9. Security symbols should be the common ground, not UI designers fancy to out-do the other guys.

Taz420 0 solutions 9 answers

This is a very good point. Myself being a computer sage would know to look for https:// to verify encryption. But people like my mom and grandma wouldn't. I taught them to always look for the lock before entering sensitive data. The status bar I can live without. I just have to re-train myself to look for the mouseover URL at the top instead of the bottom where I've been looking for 15years.. But the lock is an absolute must-have for the masses.

cor-el
  • Top 10 Contributor
  • Moderator
10747 solutions 96723 answers

You shouldn't concentrate on the padlock icon. That icon only tells you that there is a secure (HTTPS) connection, but doesn't guarantee that you are connected to the server that you expect. That is the main reason why it was replaced by the Site Identity Button in the location bar. That button allows a more thorough check of the connection and server identity by showing the domain. You can click that button to see the padlock and click the More Details button to verify the connection settings.

kaie 1 solutions 12 answers

The padlock addon will show an addon in the identity bar. https://addons.mozilla.org/en-US/firefox/addon/padlock-icon/

This could help to bridge the worlds. It displays a padlock, but at the same time it draws attention to the new identity button.

netrek 0 solutions 2 answers

Removing this was incredibly stupid. A case of the developers trying to be different without any real gain and a huge downside! Even the most clueless web user knows what the little security lock means and if they do online banking or buy something on ebay or amazon they can at least observe, "Hey something is wrong the little padlock icon isn't lighting up!" They could have made this a feature users could toggle on or off, but to completely remove it was DUMB. Please bring this back!

ryegrass 0 solutions 4 answers

The whole point is that it now takes more 'clicks' to accomplish the same thing as a quick glance use to. This seems to be the pattern with Firefox 4 (hiding useful controls). Imagine for a minute that there is this great new car with more horsepower, acceleration and better gas mileage but part of the improvements are to put the gas pedal on the left, brake on the dash and have a tuck-away steering wheel.

Xircal 334 solutions 3835 answers

If the favicon is green, then all transmissions are encrypted.

Click the link kaie posted above and you'll see what I mean.

The main problem with the lock symbol is that criminals can now create a phishing site with a fraudulent SSL certificate and a padlock to give unwary users the impression that they're on a secure site like online banking.

As regards insecure SSL certificates, there was a security breach recently at an SSL issuer called Comodo whereby a number of them were indavertently issued. See http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/

By using the Site Identity button instead, users can check whether they are on a bona fide site or not.

cor-el
  • Top 10 Contributor
  • Moderator
10747 solutions 96723 answers

Blue (Domain Validated Certificate) is also OK.
If you do not see the correct domain listed properly in the Site Identity Button with a blue or green background if you have a secure HTTPS connection then you should really check on which site you are.

VonMagnum 0 solutions 4 answers

Firefox developers are becoming ridiculously arrogant lately, IMHO. In bug thread after bug thread, I find they either don't care what users want in a browser, they talk down to them or they expect the end user to find the bugs for them in an easily reproducible manner (intermittent freezes are pretty darn hard to nail down for an end user). They ditched the PPC Mac platform (despite the author of TenFourFox finishing their abandoned Javascript JIT engine for them) and so I'm finding I care less and less about Firefox.

It was bad enough that they removed the RSS icon from the display (having to click on the Bookmarks dropdown menu to see if a site has an RSS feed (it's ghosted if it's not there) is RIDICULOUS. Their 'argument' is that most sites you expect to find feeds have them so it's redundant. Who the FRAK made them god to decide that every site out there you "think" might have RSS will have it? That's total bullcrap. That icon wasn't hurting anything. It was very helpful to see at a glance if you could add RSS or not and then click on it to bring it up rather than an unintuitive drop-down menu.

But THIS is FAR WORSE. I don't want to do ANY financial transaction on a site that isn't ENCRYPTED. "Safe" is irrelevant because if it's not encrypted, IT'S NOT SAFE! Knowing it's encrypted is a BARE MINIMUM REQUIREMENT for *ANY* financial transaction on the web. And this 'assumption' that sales sites will be encrypted is PURE BS. I've been on plenty of sites that CLAIMED to be secure, but were NOT encrypted (either due to a malfunction or wrong setting in their software or some other unknown). I want to KNOW if a site is encrypted at a glance and having to click on some icon or look for an HTTPS moniker is not convenient AT ALL (and no that's NOT reliable).

All I can say is these developers better start listening to their users or they'll become completely irrelevant. If they want an OPTION to turn off those icons, FINE, but WTF would they forcibly remove a feature most people WANT? It's beyond stupid. It's arrogant bullcrap and it makes me angry. Take a feature we've had for years and rely on and wipe it out on the whim of some MORON working at Mozilla. And yes they HAVE to be a MORON to do that.

cor-el
  • Top 10 Contributor
  • Moderator
10747 solutions 96723 answers

You can find an RSS feed icon in the toolbar palette and drag it on the Navigation Toolbar if you want it back.