← Back to context

Comment by bayindirh

4 days ago

You would because there'll be context:

1- You'd be in a page where you'll be enrolling your YubiKey or WebAuthn device. You'll be having your key at hand, or recently plugged in.

2- Your device's LED would be flashing, and you'll be pressing to the button on your device.

3- The warning will pop-up at that moment, asking that question to you. This means the website probably querying for something like the serial number of your key, which increases the security, but reduces your privacy.

With the context at hand, you'd understand that instantly, because the place you are and the thing you're doing perfectly completes the picture, and you're in control of every step during the procedure.

4 comments

bayindirh

Reply
1718627440  4 days ago

> probably querying for ...

Exactly. You need to infer that, it isn't stated directly.

Same like you need to guess, that "Unable to connect" means connection refused, while "We can’t connect to the server at a" means the DNS request failed. Or does it mean no route to host? Network is unreachable?

I would argue, that (sometimes) the user would be fine to distinguish whether he wants to approve something, but can't because both dialogs state the same wishy-washy message. Even non-technical users (might) eventually learn the proper terms, but they can't if they only get shown meaningless statements.

  • bayindirh  4 days ago

    > Exactly. You need to infer that, it isn't stated directly.

    I don't care. The site is doing something unusual. It's evident, it's enough to take a second look and think about it.

    > Same like you need to guess, that "Unable to connect" means...

    Again, as a layman, I don't care. As a sysadmin, I don't worry, because I can look into in three seconds flat. Also, Unable to Connect comes with its reasons in parantheses all the time.

    We should think in simple terms.

    • 1718627440  4 days ago

      > I don't care. The site is doing something unusual. It's evident, it's enough to take a second look and think about it.

      Is it enough to do an informed decision?

      > Again, as a layman, I don't care.

      You do care, whether you mistyped or the network is down. I agree that you probably don't care to distinguish between "network unreachable" and "no route to host" though.

      > As a sysadmin

      True, but that information was already there and was thrown away.

      1 reply →