Module antiphishing(vivaldi browser is more safe)...
-
-
@koloveli I don't understand what you are trying to say and I only see 2 screenshots and a very unclear headline.
Please add some explanations.
-
@Dancer18 "colortab" can help to identify websites falses, for exemple...(sorry my english)
-
@koloveli You want a tab to color itself with a certain color as soon as it is a phishing site?
-
@Dancer18 said in Module antiphishing(vivaldi browser is more safe)...:
You want a tab to color itself with a certain color as soon as it is a phishing site?
not, in theory this already happens with this option, it is enough for us users to observe it well
-
@koloveli Ok, you mean setting the color of a tab is already possible. And now you want a feature to use that for or against fishing sites?
To explain your request more detailled and be more comfortable with post writing, you could use the DeepL translate plugin.
With this plugin you can write any forum post in your language and then click on the DeepL button (green marked in screenshot).
The whole text is translated immediately.
That is very easy and helping you to get understood much better.
-
@Dancer18 not, only say that it is option help the protect against sites fraudulents...(sorry my english!)
-
@koloveli No problem, except that I still don't understand the point. Do you want to just explain that Vivaldi developers could use tab colors to warn about suspicious websites?
-
@Dancer18 "colortab" in vivaldi can help user identify sites false for color...
-
@koloveli How exactly can the user do that?
I still don't understand.
Write your thoughts in your own language here.
I will translate them. -
Such phishing anti-measure can not be added by Vivaldi for technically reasons: data (icon, favicon, website's HTML meta elements theme, JavaScript) sent by server affects the coloring of a tab.
-
Please note that known phishing sites, and other malicious sites are already being detected by the Safe Browsing system that is part of the Chromium code Vivaldi is built upon.
When such sites are detected you will be warned by a blocking dialog, and have to click through multiple buttons to continue to the site.
In other words, the user have already been warned, and there is no need for any further color warnings in the UI if the user decides to disregard the warning.
Additionally, what several studies have found, particularly regarding the (now removed) Extended Validation "Green Bar", is that 1) users ignored such visual security cues, and 2) even when they noticed the cue, they frequently misunderstood the meaning, and 3) when being presented with dialogs with easy-to-click "continue"-buttons (e.g. old-style certificate warnings), the users automatically clicks the button without considering the warning (a more common example today are Cookie banners and GDPR banners). The conclusions have been that the only way to protect the user is to block them from continuing and when allowing them continue the process is made into a multistep sequence.
Also, as @DoctorG says, the menu and tab colors changes based on the colors used by content specified by the web site itself, which means that it is not possible to add any other coloring scheme.
-
@yngve And a good AV should block such sites before even connecting to it as well.
-
@Dancer18 said in Module antiphishing(vivaldi browser is more safe)...:
@koloveli How exactly can the user do that?
I still don't understand.
Write your thoughts in your own language here.
I will translate them.for exemple, you receive one mensage in email with site fake, colortab not is same...
then use these options can help identify websites fakes... -
option is excellent in identify sites falses...
-
@koloveli You have already opened such thread https://forum.vivaldi.net/topic/85135/module-antiphishing-vivaldi-browser-is-more-safe/1
-
@DoctorG "colortab" it might help to identify fake pages, internet criminals don't care that much...(sorry my english)
-
Unfortunately, so far I have not seen any information about how this is supposed to actually work.
- What is the "colortab"?
- How is it activated?
- Very important: How will users know what the color means? Keep in mind what I said earlier about most users not paying attention to security indicators that does not prevent them from continuing. Additionally, the Vivaldi tab bar changes color based on elements from the currently displayed tab, which means that any different colors in it will be ignored.
- Very important: If this is activated by the browser, how does the browser determine that a site is fake or real? Keep in mind that, as mentioned above, there is already such a feature in Vivaldi: the Safe Browsing database of known malicious pages, sites, and downloads, including hacked sites, which actively block the user from ignorantly accessing a malicious page.
- Very important: If this is activated by a site without any automatic cryptographic verification (which was what the above mentioned Extended Validation Green Bar was all about, and it got ignored and misunderstood by users; and the padlock was also misunderstood, which is why unencrypted connections now get a much more ominous indicator), then a malicious site can replicate it (and malicious devs will duplicate everything that can be duplicated in order to make their fake site believable). And then there is the possibility of hacking the site to present the malicious content.
Essentially, I can see nothing new here that haven't already been tried before, and which failed miserably, or isn't already implemented in a much better and safer way.
What the 15+ year history of the padlock and EV Green Bar (and other security UI indicators and dialogs), as well as the more recent cookie and GDPR banners have all proved is that most users will ignore them or automatically click them away so that they can continue on their way, as long as they aren't very scary (see my screenshot above).
I suspect that any new security related UI will need to not just have an ironclad, well-formulated reason and design, it will have to be presented alongside multiple peer-reviewed research papers by multiple independent researchers proving that it will work as intended when displayed to normal users.
-
@yngve You are reading too much into it. What OP spams is that if you activate the "Accent from Page" in the Tab Settings you can... recognize if it's the original webpage or an impostor version trying to phish you, i.e. let's say the original webpage of a bank would make the tab bar green, but the impostor version would make it blue.
OP probably also assumes that the algorithm which decides what color to display is so sophisticated that it could recognize minor color variations (assuming internet criminals don't care duplicating the webpages 1:1, so an original green stripe on a yellow page would be of a slightly darker tone) thus displaying also a different color. -
@koloveli The color option is for design, not security.
Best options to avoid deceptive sites are:
- using an adblocker (filter out a lot of crap)
- carefully look at the url and understand how phishing urls are made (their pattern)
- avoiding http sites with a broken padlock, certificate or which trigger the red page (or just non input private info there).
- avoiding ambiguous sites (piracy and so on).
An algorithm could be still easily fool. This steps are way more reliable when combined.
@yngve GDPR/cookie law is hideous and often annoyingly implemented: Forcing to store "essential cookies" to access a site without breaking it. The only good side I scrapped years of mail newsletters I've never applied for.