{"id":2498,"date":"2019-10-15T13:26:08","date_gmt":"2019-10-15T20:26:08","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2498"},"modified":"2020-04-30T06:34:52","modified_gmt":"2020-04-30T13:34:52","slug":"improved-security-and-privacy-indicators-in-firefox-70","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/","title":{"rendered":"Improved Security and Privacy Indicators in Firefox 70"},"content":{"rendered":"<p>The upcoming Firefox 70 release will update the security and privacy indicators in the URL bar.<\/p>\n<p>In recent years we have seen a great increase in the number of websites that are delivered securely via HTTPS. At the same time, privacy threats have become more prevalent on the web and Firefox has shipped new technologies to protect our users against tracking.<\/p>\n<p>To better reflect this new environment, the updated UI takes a step towards treating secure HTTPS as the default method of transport for websites, instead of a way to identify website security. It also puts greater emphasis on user privacy.<\/p>\n<p>This post will outline the major changes to our primary security indicators:<\/p>\n<ul>\n<li>A new permanent \u201cprotections\u201d icon to access information about the restrictions Firefox is applying to the page to protect your privacy.<\/li>\n<li>A new crossed-out lock icon as indicator for insecure HTTP and a new color for the lock icon that marks sites delivered securely.<\/li>\n<li>A new placement for Extended Validation (EV) indicators.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><b>Streamlining Security and Identity Indicators<\/b><\/h2>\n<p>Firefox traditionally marked sites delivered via a secure transport mechanism with a green lock icon. Sites delivered via insecure mechanisms got no additional security indicators. All sites were marked with an \u201cinformation\u201d icon, which served as an access point for more site information.<\/p>\n<p><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-2499 size-full\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png\" alt=\"Before and after comparison of new identity icons\" width=\"1152\" height=\"324\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png 1152w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons-252x71.png 252w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons-768x216.png 768w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons-600x169.png 600w\" sizes=\"(max-width: 1152px) 100vw, 1152px\" \/><\/a><\/p>\n<p>As part of the changes in Firefox 70, we will start showing a crossed-out lock icon as permanent indicator for sites delivered via the insecure protocols HTTP and FTP. Over two years ago, we <a href=\"https:\/\/blog.mozilla.org\/security\/2017\/01\/20\/communicating-the-dangers-of-non-secure-http\/\">started showing<\/a> this indicator for insecure login pages. We also announced our intent to expand by showing a negative indicator for all HTTP pages as HTTPS adoption increases. By now, Firefox loads <a href=\"https:\/\/letsencrypt.org\/stats\/#percent-pageloads\">about 80% of pages<\/a> via HTTPS.<\/p>\n<p>The formerly green lock icon will now become gray, with the intention of de-emphasizing the default (secure) connection state and instead putting more emphasis on broken or insecure connections.<\/p>\n<p>We will remove the \u201cinformation\u201d icon. The lock icon will be the new entry point for accessing security and identity information about the website.<\/p>\n<p>&nbsp;<\/p>\n<h2><b>Moving the EV indicator out of the URL Bar<\/b><\/h2>\n<p><a href=\"https:\/\/research.google\/pubs\/pub48199.pdf\">A recent study by Thompson et al.<\/a> shows that the display of the company name and country in the URL bar when the website is using an <a href=\"https:\/\/en.wikipedia.org\/wiki\/Extended_Validation_Certificate\">Extended Validation<\/a> TLS certificate does not add any additional security parameters. One of the biggest downsides with this approach is that it requires the user to notice the absence of the EV indicator on a malicious site.\u00a0Furthermore, <a href=\"https:\/\/stripe.ian.sh\/\">it has been demonstrated<\/a> that EV certificates with colliding entity names can be generated by choosing a different jurisdiction.<\/p>\n<p>As a result, we will relocate the EV indicator to the \u201cSite Information\u201d panel that is accessed by clicking on the lock icon. This change will hide the indicator from the majority of our users while keeping it accessible for those who need to access it. It also avoids ambiguities that could previously arise when the entity name in the URL bar was cut off to make space for the URL.<\/p>\n<p><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/Screenshot-2019-10-08-at-14.18.25.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-2500\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/Screenshot-2019-10-08-at-14.18.25-600x312.png\" alt=\"Image showing the new EV Indicator in the identity panel\" width=\"450\" height=\"234\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/Screenshot-2019-10-08-at-14.18.25-600x312.png 600w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/Screenshot-2019-10-08-at-14.18.25-252x131.png 252w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/Screenshot-2019-10-08-at-14.18.25-768x400.png 768w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/Screenshot-2019-10-08-at-14.18.25.png 872w\" sizes=\"(max-width: 450px) 100vw, 450px\" \/><\/a><\/p>\n<h2><\/h2>\n<p>&nbsp;<\/p>\n<h2><b>Adding a new Protections Icon<\/b><\/h2>\n<p>The protections icon will be the entry point for the privacy properties of every page. It lets the user know about trackers or cryptominers on the page and how Firefox restricts them to improve privacy and performance. The icon will have 3 different states.<\/p>\n<p><b><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/protections.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-2501\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/protections.png\" alt=\"An overview of the different protection icons\" width=\"1418\" height=\"172\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/protections.png 1418w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/protections-252x31.png 252w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/protections-768x93.png 768w, https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/protections-600x73.png 600w\" sizes=\"(max-width: 1418px) 100vw, 1418px\" \/><\/a><\/b><\/p>\n<p><b>Protections Enabled<br \/>\n<\/b>When no tracking activity is detected and protections are not necessary, the shield shows in grey.<\/p>\n<p><b>Protections Active<br \/>\n<\/b>When protections are active on the current page, the shield displays a very subtle animation and adopt the purple gradient.<\/p>\n<p><b>Protections Disabled<br \/>\n<\/b>When the user has disabled protections for the site, the shield shows with a strike-through.<\/p>\n<p>&nbsp;<\/p>\n<p>We are excited to roll out this improved new UI and will continue to evolve the indicators to give Firefox users an easy way to assess their privacy and security anywhere on the modern web.<\/p>\n<p>A big thank you to all the individuals that contributed to this effort.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The upcoming Firefox 70 release will update the security and privacy indicators in the URL bar. In recent years we have seen a great increase in the number of websites &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/\">Read more<\/a><\/p>\n","protected":false},"author":1454,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,8633,847,69],"tags":[],"coauthors":[327146],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Improved Security and Privacy Indicators in Firefox 70 - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Johann Hofmann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/\",\"name\":\"Improved Security and Privacy Indicators in Firefox 70 - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png\",\"datePublished\":\"2019-10-15T20:26:08+00:00\",\"dateModified\":\"2020-04-30T13:34:52+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/6f97b9dbc27cd81636890e21af9d1d0a\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png\",\"width\":1152,\"height\":324,\"caption\":\"Before and after comparison of new identity icons\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Improved Security and Privacy Indicators in Firefox 70\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/6f97b9dbc27cd81636890e21af9d1d0a\",\"name\":\"Johann Hofmann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/e7d0ae0aab95e35938fb0ee7353d0a40\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3f35c72a2015d145124edcd87f321c08?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3f35c72a2015d145124edcd87f321c08?s=96&d=identicon&r=g\",\"caption\":\"Johann Hofmann\"},\"description\":\"Firefox Security &amp; Privacy Engineer\",\"sameAs\":[\"http:\/\/johannh.me\",\"https:\/\/x.com\/johannh\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Improved Security and Privacy Indicators in Firefox 70 - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/","twitter_misc":{"Written by":"Johann Hofmann","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/","url":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/","name":"Improved Security and Privacy Indicators in Firefox 70 - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png","datePublished":"2019-10-15T20:26:08+00:00","dateModified":"2020-04-30T13:34:52+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/6f97b9dbc27cd81636890e21af9d1d0a"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#primaryimage","url":"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png","contentUrl":"https:\/\/blog.mozilla.org\/security\/files\/2019\/10\/identity_icons.png","width":1152,"height":324,"caption":"Before and after comparison of new identity icons"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2019\/10\/15\/improved-security-and-privacy-indicators-in-firefox-70\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Improved Security and Privacy Indicators in Firefox 70"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/6f97b9dbc27cd81636890e21af9d1d0a","name":"Johann Hofmann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/e7d0ae0aab95e35938fb0ee7353d0a40","url":"https:\/\/secure.gravatar.com\/avatar\/3f35c72a2015d145124edcd87f321c08?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3f35c72a2015d145124edcd87f321c08?s=96&d=identicon&r=g","caption":"Johann Hofmann"},"description":"Firefox Security &amp; Privacy Engineer","sameAs":["http:\/\/johannh.me","https:\/\/x.com\/johannh"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2498"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1454"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2498"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2498\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2498"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}