New blog post: The death of the line of death

The "line of death" is a security boundary in web browsers about separating trustworthy browser UI from untrusted web content; I think the concept is waning in utility over time.

https://emilymstark.com/2022/12/18/death-to-the-line-of-death.html

The death of the line of death

The line of death, as Eric Lawrence explained in a classic blog post, is the idea that an application should separate trustworthy UI from untrusted content. The typical example is in a web browser, where untrustworthy web content appears below the browser toolbar UI. Trustworthy content provided by the web browser must appear either in the browser toolbar, or anchored to it or overlapping it. If this separation is maintained, then untrusted content can’t spoof the trustworthy browser UI to trick or attack the user.

Emily M. Stark

@estark One bit that doesn't get much discussion is the role of experts vs. novices. There's no question that novices have no understanding of the difference between trusted UX and untrusted content, but in a design with no trustworthy pixels, even an expert can be completely fooled.

The advantage of allowing an expert to distinguish between trusted and untrusted is that they can "pull the alarm" and escalate to mitigations we know work for novices (URL Reputation interstitials), for example.

@Ericlaw that’s true, though I wonder if browsers have passed the point where even experts would notice the difference in an adversarial situation!
@estark @Ericlaw perhaps we should all be testing each other regularly? 😂 Even a full synthetic test with time-based scoring could be both fun and maybe useful.
@RickByers @estark @Ericlaw A problem here is that successful social engineering often uses a sense of urgency, and triggers emotions that can override all your logical best practices. So while a few pixels that delineate trusted UX is good for when you want to do a careful review of a page, it's not so good when you're being hurried. I'm confident I'd succeed at the former, and fail at the latter.

@parkern @RickByers @estark

Oh, for sure, I don't think we can hope to build something that would /never/ fool an expert, but I think we should continue to aspire to build experiences that /might/ be discernible by an expert.

I've been meaning to share some examples I've been collecting this year.

@Ericlaw @RickByers @estark I imagine you have a shelf with jars full of formaldehyde with spooky phishing sites preserved for our fascination. Do share.