[OpenID] Replacing all browsers isn't as hard as it might seem...

Bob Wyman bob at wyman.us
Sat Jan 20 19:30:01 UTC 2007

A number of comments related to the phishing issue are making the point that
"getting everyone to adopt a new client" is just too hard and will take too
long. These comments are, of course, based on extensive experience with
adoption patterns in many realms. The folk on this list have a significant
amount of experience with releasing products and observing the results of
others who have done so... However, I think many folk are ignoring the
simple fact that the browser market exhibits unique adoption patterns as a
simple result of the fact that there are so few significant providers of
browsers and the fact that one of those providers still enjoys effective
monopoly dominance in the market.

However,... just since October, we've seen something like 30% turn-over in
the browser market as users have switched from IE6 to IE7 and from Firefox
1.x to Firefox 2.0. These turnover rates are not surprising -- based on
earlier experience in the browser space. In most product areas, you wouldn't
expect such a rapid turnover unless the new products were radically
different from those previously offered. But, the reality is that neither
IE7 nor Firefox 2.0 were particularly compelling products (my apologies to
their developers...) -- certainly they were better than what came before,
however, for most end-users neither upgrade offered "must have"
capabilities. If either or both of these browsers had shipped with
"solutions" to the phishing or "identity theft" problems, my guess is that
the blazing turnover we currently see would have been even more impressive.
In any case, 30% in a few months ain't bad. Had those browsers contained the
needed solutions, it wouldn't be long before the number of old browsers
would be so low or that the old browsers would be so infrequently used as to
make phishing a much less compelling business than it is today.

The fact that browsers have failed to provide us with the capabilities we
need to provide our users with a safe browsing experience cannot be
something that we simply accept and try to work around. This situation
should be considered a scandal and the press should be filled with articles
on the subject. The proper and correct course of action is, I think, to find
means to force the browser developers to address better the most critical
needs of the market. Too many people have lost too much money, reputation,
or time as a result of using browsers built by people who prioritized
"pretty" web pages or proprietary interests as being more important than
safe browsing.

bob wyman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070120/cd74d1b0/attachment-0002.htm>

More information about the general mailing list