Firefox 4: Practice what you preach
April 25, 2011I downloaded Firefox 4 the other day. And I watched the video of the new features, as well as the interactive display. One of Firefox 4′s new security features is the ability to verify a site’s identity by clicking on its favicon.
Unfortunately, when I clicked on the favicon for Mozilla (the makers of Firefox), I got this:
It would be nice if they practiced what they preached.
(I checked several other popular websites too — Google, my bank, White Pages, WordPress, etc. — and all of them have this same message. So, how do web developers make sure their site is listed as legitimate? I looked in the Firefox options, but could see nothing there. Anyone know?)
Update: For more information about this website identification, see http://support.mozilla.com/en-US/kb/Site%20Identity%20Button. Seems it’s OK for there to be no ID information for many sites (and they will have a light gray tinge around the favicon), but that’s not how I initially read the summary information about this new website security feature — I had to go hunting to find it. That said, when I logged into my bank, I still got the gray shading around the favicon, not blue or green as described in that article.
I agree, their explanation is not that great. I believe that this feature is for ‘secure’ sites — ones that use ‘https’. For example, if you go to https://gmail.com, you should see it work. For non-secure sites (http), they don’t have a security certificate, so Firefox can’t validate their authenticity.