[LINK] Why does Firefox send non-URL text in the location bar to Google etc.?

Robin Whittle rw at firstpr.com.au
Thu Jan 6 14:11:44 AEDT 2011


Hi Jim,

I stand by what I said about the problems of privacy and security
threatening features being on by default and not having convenient and
obvious user interface controls.

Just because some or many "ordinary users" want to do something is not
a reason to write software which lets them do it, or encourages them
to do it.

People who write software should be wiser and smarter than average
users, and should do the users a favour by not allowing or encouraging
patterns of usage which are contrary to their interests.  You might
think this is condescending, but I say it is caring and responsible.

The human mind needs to adapt to new situations and is perfectly
capable of doing so.   We can't be dumb about cars, or the care or
pets, or the use of Internet computers - unless we are willing to
accept crashes, maintenance failures, and privacy/security breaches.

Cars and cats only have limited ability to adapt to humanity.
Software can be adapted and I think it should be designed to prevent
or discourage accidents and folly in the frequently hostile and
dangerous setting of the Internet.

There's a big difference between typing or pasting a proper URL which
the browser will interpret and use to start an HTTP session and typing
or pasting something else, including something in the clipboard by
accident, and having the browser instantly send this to a search
engine, where it could be stored, sent to others, and potentially
plastered far and wide on the Net.  People need to adapt to this.
Just because some people don't care, or are ignorant of the problems
doesn't mean that programmers should write software which panders to
every short-term and poorly informed urge a user might have.

There used to be a site http://www.metaspy.com which provided whole
search terms from Metacrawler.  I archived a bunch of them here:

  http://www.firstpr.com.au/curiosity/txt/metaspy.txt

I am not sure that such a thing exists now.  If it did, then anyone
who accidentally did what I did the other day could find the contents
of their clipboard sent to others via Metacrawler.  Even without this,
the contents of my clipboard went straight to Google - and there's no
way of knowing the limits of what could happen to it there.

The clipboard could have contained a highly personal part of an email,
or something confidential concerning a business I work for - pretty
much anything.


Its not clear how you can protect your users via "secure systems"
without educating them about security and how to use only systems
which are secure.

Broadly speaking, the way machines and IT stuff should adapt to
failings of human awareness, knowledge, attention and dexterity is to
try to prevent and discourage events with adverse outcomes.  Part of
this is to discourage patterns of usage which lead to such dangers.  I
believe strongly that fudging the distinction between a URL you want
your browser to use and text to be sent to a search engine is a clear
instance of encouraging ignorance and lack of care.


  - Robin


>> I think this is a really bad "feature" - especially to have on by
> default.  Doubly so not to have any ordinary user-interface option to
> control it.
> 
> If Firefox had a UI for every backend option that someone wants to use
> the Options interface would be 100 pages long.  It's a trade-off between
> simplicity and completeness that aims to get what most people might need
> to use. 
> 
>> ... stupidity and laziness of users ...
>> People should not be encouraged to fudge the distinction between a URL
> and text to be sent to a search engine.
> 
> On the contrary, computers are unnecessarily hard to use. Who - apart
> from a few eggheads - really wants to remember and type strange strings
> of characters?  The general trend is towards smarter software that is
> fitted to the human mind, not forcing the human mind to adapt to
> computer protocol conventions and code design.  If you're an IT
> professional you do need to know  this kind of stuff (where it is
> relevant or useful) but not if you are a casual user.  We don't have to
> understand how our car, or our pet cat, "works" unless you're a mechanic
> or a vet.  We have cleverly evolved mental systems that deal with cars
> and cats heuristically and cars and cats have adapted to fit those
> mental systems.
> 
> Ditto for software.  The idea that an ordinary user needs special
> knowledge is indicative of a technology in its early stages. 
> 
>> Accessing a login page by typing in "facebook login" or "commonwealth
> bank login" and using a search engine to find the page is stupid because
> it is insecure.
> 
> Google does a better job of checking for fake and malicious pages than
> your average computer user could possibly do.  Most people
> don't/couldn't understand the threats they face, let alone how to deal
> with them appropriately.  I haven't totally given up on trying to
> educate my users but it's clear to me that secure systems are a much
> better solution than endless education programs.
> 
>> ... sometimes cause perfectly cautious and wise users to send text, by
> accident, to a search engine, where there are no real limits on how it
> could be copied or otherwise used in ways which are contrary to their
> intentions.
> 
> I don't know what you think Google is going to do with your precious
> search phrase - other than what they say they do - but it sounds a
> little paranoid to me, especially considering the nasty real threats out
> there.
> 
> - Jim



More information about the Link mailing list