Frank Hartmann on Wed, 13 Aug 1997 19:50:52 +0200 (MET DST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Microsoft's "cancel" is an ambiguous word

... from this week's real audio interview transcript
between McChesney from Hotwired and Brad Chase, manager of the Internet
Explorer at Microsoft, on the release of the new IE 4.0:

> McChesney: Let's talk a little about security. One of the things that I find incredibly annoying is that I like to
> know when a cookie is being set on my hard drive. I also like to know when there's an Active X threat out there.
> When I arm my browser now to do that, I get about 5 million windows, particularly here at HotWired. It seems
> like there's a cookie every 15 seconds that comes up, and what I like about the Netscape browser is that the
> cookie alert window has two things you can push on. One says "OK," accept the cookie. Two says "Cancel."
> And I've never been sure whether when I press the Cancel button that means the cookie comes anyway. I don't
> know what Microsoft does about it now, but it's a very annoying thing. How do you take care of that in the new
> browser? 
> Chase: Well, there's a number of things we've done. We call the situation you're referring to "authorization
> fatigue." 
> McChesney: Right. Good term. Like compassion fatigue. 
> Chase: Yeah. People are just tired of seeing all these security alerts and having to respond to them all. At the
> same time, they do want to make choices about what they do. And as a consequence, we've innovated with a
> new feature in Internet Explorer 4 called security zones. And there's some default zones, like an intranet zone or
> an Internet zone.... 
> McChesney: You mean intranet zone, and Internet zone, the intranet being inside your company and
> something you fully trust, or at least you have to. 
> Chase: That's correct. You're supposed to. And so one of the things that's a lot different is today, on a
> Netscape browser or a Microsoft browser, you have to basically make security decisions for all sites at one
> time. And as a consequence it's really very difficult, and that's how you end up with authorization fatigue. So with
> Internet Explorer 4 and zones, you can develop groupings of sites and give them certain types of security
> clearances. And we do very basic common-sense things as defaults, like for example your intranet site, your
> internal company site, has a lower security setting, and an Internet site has a higher security setting, where you
> will get warned about things like Active X controls. 
> McChesney: Now in that zone; I mean, you have the trusted zone where you've picked out some sites that you
> think are not going to mess you up or send unwanted email or do all kinds of things to you like export your
> Quicken files and drain your bank account, or whatever might happen out there, but ... 
> Chase: Just your bank account, John. 
> McChesney: Yeah, I hear Active X controls can do that. But we'll talk about that some other time. When you get
> - when you're in the Internet zone, you get alerts, that is, this is the untested area out there, the great unknown,
> what does the alert look like? I mean, is it the same kind of alert we're getting now? 
> Chase: Well, we've tried to make the alerts a little more consumer-friendly, but they do try to also be direct to
> make people cognizant of the choices they need to make. So they are, I think, pretty similar to what you need to
> have now, perhaps a little more friendly is the simplest way to summarize it. 
> McChesney: Does it say Accept or Reject? 
> Chase: Yeah, or OK or Cancel. 
> McChesney: Cancel is an ambiguous word in there, you have to admit. I mean, it seems to me to mean you're
> just canceling the box, rather than canceling the cookie. 
> Chase: I don't actually know if we have an OK or Cancel per se. I mean, the problem is that you're dealing with
> a number of messages here. I don't remember them all off the top of my head. I would encourage you to try
> these situations yourself, and let me know if you think it's, if you think our messages are unclear. But I think we
> do a pretty good job of making it clear what your options are. 


#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime" in the msg body
#  URL:  contact: