← Back to team overview

unity-design team mailing list archive

Re: Farewell to the notification area

 

> And you think malware couldn't put up a systray icon tricking you into
> thinking you have updates? You think you would be able to tell the
> difference? The panel icon is just as fakeable as the popup.

Disagree. Because update-manager does not require gksudo, there is no
screen dimming or anything else that indicates in an obvious manner
that it is an actual update window and not a popup coming from the
browser.

(I'm not talking about popup in the browser window sense, I'm talking
about popups in the z-index sense, they can work because it is
very common for the user to use the browser fullscreen)

Thinking better, *even* with screen dimming the user can be tricked:
all it needs is from him to have a dark theme (so the non-dimming
of the browser toolbar and the panel would be less noticeable)

And the most important:

Saying "both alternatives are insecure, so since it will be insecure
anyway let's forget the issue" is not exactly the optimal way of
solving a problem. We should look for a third alternative if needed.





Follow ups

References