Trusted Site, Untrusted Browser

I installed the just-released Netscape 8 Beta. It imported most of my settings from Firefox, including bookmarks, cookies and even history. One of the first things I always check with a new browser is how it identifies itself, which in this case is as Firefox 0.9.6. (Presumably they’ll get on this by the time the final version is out.)

First impressions: importing was clean and worked well. UI is a bit freaky, as things are spread all over the place—like the main menu, which is in the upper right and in line with the title bar instead of where the menus are on every other Windows application. The multiple toolbars seem confusing at first (it took a while to dig up my bookmark bar, for instance). Then I looked at the site trust/rendering choices, the big exciting feature of this release. And I’m not impressed. Or rather I am, but not favorably.

The current tab shows a shield icon indicating the trust level of the site: Green if it’s been verified by a “Netscape Security Partner,” yellow if not, and I would presume red if it’s a known phishing/virus/etc. site. There’s also an icon indicating the trust level: a check mark if it’s trusted, an ellipsis for “not sure” and an exclamation point for not trusted. Unverified sites are, by default, in the “not sure” category. So far this makes sense.

Clicking on the shield icon opens a site controls dialog box enabling you to choose to what extent you trust the website, and below that, whether to display the site using the Mozilla Netscape or Internet Explorer engine:

Site Trust Settings

Imagine my surprise when I selected “I trust this site” and was greeted with a message saying “You have chosen to view this web site using the Internet Explorer display engine. Your setting will be remembered the next time you visit this site. Please be aware that there are known security vulnerabilities with the Internet Explorer display engine.” Of course, I had not made that choice.

It turns out that the default settings are as follows:

  • Trusted: Display as IE with cookies, ActiveX, Java, and JavaScript.
  • Not Sure: Display as Netscape with cookies, Java and JavaScript.
  • Not Trusted: Display as Netscape, no cookies, Java or JavaScript.

It also reloads the page immediately—which kind of makes sense—but which forced me to start writing this post all over again when I decided to check a setting halfway through the second paragraph. They don’t seem to have worked out a way to get the IE and Netscape engines to share cookies, either, because I had to log in again after switching.

But what really bugs me is that it assumes with “trusted” sites that you’ll want to use the IE rendering. It may actually be true for a lot of people, but it undermines the effort to get sites to use browser-independent designs. It’s one thing to make it easy to switch into IE mode for sites that require it, but making it assume IE from the start leads to “why bother?” thinking. By default, on top-tier websites Netscape is no longer Netscape. If you look at Netscape.com, which is in the built-in trust list, you will view it as IE does. And of course, there’s a natural tendency to mark sites you trust, because it keeps reminding you that it doesn’t know whether you trust the site. So if you decide that you trust, say, meyerweb.com, and you mark it, you’re going to have problems with the examples on CSS/Edge.

You can set a trusted site to use Netscape rendering—this gives you a gear icon for “custom” settings, which looks like a slightly lumpy circle when shrunk down to the tab size. You can also change your own default settings, but given that as far as I can tell the only difference between Trusted and Not Sure is the rendering engine (and ActiveX), the only benefit I can see to doing this is for sites in Netscape’s own trust list.

In short, I don’t think Netscape 8 is going to pick up much of Firefox’s audience. On the other hand, I have to admit that there’s something strangely exciting about being able to load Windows Update in Netscape.

in View Kelson Vibber's profile on LinkedIn

1 thought on “Trusted Site, Untrusted Browser

  1. Pingback: Multi-Engine Web Browsers | K-Squared Ramblings

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.