unity-design team mailing list archive

Thread
Date

Re: Farewell to the notification area

To: Mark Shuttleworth <mark@xxxxxxxxxx>
From: Conscious User <conscioususer@xxxxxxx>
Date: Sun, 25 Apr 2010 12:42:50 +0200
Cc: Ayatana List <ayatana@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4BD4118A.6070602@ubuntu.com>

> And you think malware couldn't put up a systray icon tricking you into
> thinking you have updates? You think you would be able to tell the
> difference? The panel icon is just as fakeable as the popup.

Disagree. Because update-manager does not require gksudo, there is no
screen dimming or anything else that indicates in an obvious manner
that it is an actual update window and not a popup coming from the
browser.

(I'm not talking about popup in the browser window sense, I'm talking
about popups in the z-index sense, they can work because it is
very common for the user to use the browser fullscreen)

Thinking better, *even* with screen dimming the user can be tricked:
all it needs is from him to have a dark theme (so the non-dimming
of the browser toolbar and the panel would be less noticeable)

And the most important:

Saying "both alternatives are insecure, so since it will be insecure
anyway let's forget the issue" is not exactly the optimal way of
solving a problem. We should look for a third alternative if needed.

Follow ups

Re: Farewell to the notification area
From: Conscious User, 2010-04-25

References

Farewell to the notification area
From: Matthew Paul Thomas, 2010-04-21
Re: Farewell to the notification area
From: Jim Rorie, 2010-04-22
Re: Farewell to the notification area
From: Matthew Paul Thomas, 2010-04-22
Re: Farewell to the notification area
From: Jim Rorie, 2010-04-22
Re: Farewell to the notification area
From: Mark Shuttleworth, 2010-04-23
Re: Farewell to the notification area
From: Jim Rorie, 2010-04-24
Re: Farewell to the notification area
From: Mark Shuttleworth, 2010-04-25