Giters

EFForg / https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.

Home Page:https://eff.org/https-everywhere

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

New UI is confusing

opened this issue · comments

commented

Type: code issue

TL;DR new button labels do not hint at what the button does.

In previous versions, I was presented with an option to allow the site this time only (as well as the option to allow it permanently). The 27/1/2021 update just rolled out to me, and this is gone.

At first, I thought this option was gone... Now I realise that things have been rearranged and re-labelled. Trouble is, the labels are a little...well... lacking in detail. When I click 'Proceed anyway (unsafe)', it's not clear whether this will make a permanent exception or not... Just how unsafe is this?... etc. This reaises more questions than it answers. I can click 'Disable on this site', but it isn't clear what exactly I'm disabling, or for what duration (just this visit, until the browser restarts, forever?)

It was only through looking at the underlying code that the purpose of the buttons was hinted more clearly, as the 'Proceed anyway' button has the word 'once' in the element's id. I'm assuming that means that the disable option adds the site to the exception list and will always load as http... and that the 'don't load it' button (I don't remember the label) is just gone.... but honestly trial and error will be the fastest way to find out.

I think the new button labels could do with a little attention.

Edit: To be clear, I'm not looking for help finding out what the buttons do. I can figure that out, thanks :) I am suggesting a change so that the buttons tell all users what they do.

commented

Version: 2021.1.27
Firefox version: 86.0 (64-bit)

I am feeling the same way. The buttons currently look like this:
Buttons screenshot

The color red is usually associated with 'danger', yet the button which is more dangerous ("Disable on this site"; permanently) is merely colored gray, while the button which is less dangerous (only allow for this session) is colored 'red'.
Additionally the less dangerous button has the suffix "(unsafe)" while the more dangerous button does not.

Maybe something like the following would be clearer:
Suggested button UI

Additionally, clicking both buttons currently shows a confirmation dialog which just repeats what the buttons are saying, which is not very helpful.
It might be better to:

  • Only show the confirmation dialog for disabling it permanently
  • Include a more detailed description, e.g.:

    This will disable HTTPS Everywhere permanantely for the site example.com, which might allow attackers to read and manipulate your network traffic to that site.
    Are you sure you want to continue?

(Also note here that the dialog message should mention that HTTPS Everywhere is disabled for the host, because that appears to be how it currently behaves.)

commented

Thanks for the much better description and the nice mock-up solution! Great work man :)

commented

This is in review with our design team. as an update. Thank you for your feedback!