Address bar greyed out

Not sure where to report a bug, so hopefully this'll do.

Firefox and Chrome have driven me away with their unusable nonsense, so I've come back to Opera again... only to find that there are some new bugs in my once-favorite browser.

The most annoying is this thing with the address bar.

Anything that isn't the domain itself is greyed out in the address bar, making it kind of hard to read. I can highlight the text in there and that makes it readable, but that's hardly a workaround -- I'm not going to highlight the entire address bar of every page I visit just so I can see what should be visible by default!

Anyway, there doesn't appear to be a way to turn this behavior off, leading me to believe that it's a bug. Any word on an ETA on when there might be a fix coming for this? I'd hate to have to downgrade Opera because of something so stupid and annoying, but totally avoidable.

Well, both of those were checked. I assume you were implying that I should uncheck them?

Because when I did, they didn't fix the problem, they made it worse. Now the first part of the URL is missing completely, and everything but the domain is still greyed out.

I don't think either of those particular options had anything to do with my issue.

And this appears to be something which could affect security. Considering how rampant phishing is these days, one would think that we'd be wanting to make sure we SHOW the user relevant information, not HIDE it from them.

So. Again, any word on a fix for this? Like maybe in an upcoming update?

I'm running Opera 11.10 on Linux Mint 11, but I just installed Opera 11.51 for Windows on one of my XP boxes and I'm seeing the same bug there with the addresses greyed out in the address bar... so this isn't just affecting Linux clients.

Wait, they did this on purpose?

Seriously? Why on earth would anybody want that?

Wow, that's... pretty bad design in that case.

Well is there some way that I'm missing that can turn this off? It's more than simply an annoying usability issue, it's really a security risk, not to mention an accessibility and navigation problem.

I can't believe something like this would get by testing and into a final release, by design or not.

I don't need your screenshots... it's doing exactly that on all of my computers.

And I saw your explanation. It's just nonsense. That doesn't make phishing harder... that's just making useful parts of the URL harder to read for the user. The absolute LAST thing we want to do these days is make it harder for people to see where they're navigating.

Not to mention, I find this incredibly annoying. It makes everything but the domain practically illegible with just about every skin I've got. I can't believe anybody is actually using Opera like this.

Seriously, is there a way to turn this off? I dug through every setting in opera:config but I couldn't find anything useful at all, and it's certainly not in any of the preferences.

Originally posted by ruario:

Originally posted by nelph0nd:

And I saw your explanation. It's just nonsense.

I'm having a little trouble taking your complaints seriously if you are genuinely arguing that you can't even comprehend that anyone might find this beneficial.

It isn't a complaint. I'm reporting a bug.

I appreciate that you don't like it personally and I can even sympathise to an extent as those extra parts to the URL can be interesting and useful for more technical users but surely you can see that for many users they add nothing to the experience and simply make it easier for them to be tricked.

Hiding parts of the addresses of sites people visit doesn't make them more secure, it actually makes it less secure. I find it shocking that a browser that's been around as long as Opera has would intentionally go in a direction that would actually obfuscate what is probably the most important part of the browser to the end user. This is tantamount to blocking peoples' car windshields except for the little area directly in front of the eyes where the road appears.

As for other users, yes they are all using Opera like this, as are the many Firefox and Chrome users, since these browsers do the same thing, as I am sure you already aware if you have tried recent versions of them.

I don't use Chrome. It's a usability nightmare.

As for Firefox, I've been using Firefox 3.6 because their recent trainwreck of a development/release system has broken most of my add-ons and wrecked any kind of consistency and stability. Though in poking around a bit, I see that they started doing this greying out behavior as well.

Though it appears it can be easily disabled in Firefox with one simple setting.

Why is that not the case in Opera?

In answer to your question, no you cannot turn the greying out off completely.

Then I reiterate, this isn't a complaint, it's a bug. Something that breaks usability on this level that cannot be shut off == a bug.

Is there an actual formal bug-reporting system used by the developers? I'd like to actually post this, along with expected behavior and some screenshots.

Wow, you put it that way, and I don't even want to bother.

This is a "real issue", it's not a "feature request", and I can't for the life of me understand why on earth something like this was done. Your attempts at explanation have actually been counter to logic and common sense, and in actually attempting to use Opera this way, I can't see how anybody hasn't reported this bug already.

It's bad, inflexible UI with no option to change it that keeps me from using Chrome, and Firefox is circling the drain. This is why I actually came back to Opera.

Only to find that developer arrogance has apparently taken over here as well? "Here, this is a UI change that makes the browser unusable, and if users don't understand it, they should just deal, get on their knees, and beg nicely for usable behavior to be added back in as a 'feature', and if they're humble enough about it, we might consider honoring their request."

No thank you. I'll report it as a bug, because that's what it is. I will not be making "feature requests" for something the browser has already done for 10+ years and suddenly stopped doing because some developers decided to start copying flawed user interface dead-ends from other browsers because it's trendy to do so.

And if the bug gets closed like you say it will, then I'll know I just need to move on in my search for a browser that is more usable and more secure. But that's extremely unfortunate; Opera was one of the last good ones out there. I'm sad to see that it's gone down the same wrong road as the others.

Originally posted by ruario:

In answer to your question, no you cannot turn the greying out off completely.

It turns into a real usability issue with colors other than the standard black & white (and even then for some people gray may be hard to read). I like to use a light gray as a background color for textboxes and while I can read the stuff just fine it's definitely harder than I think it should be. In fact I might've been using a slightly darker gray right now if it weren't for Opera's grayed-out addressbar. When someone uses dark background with light text it's completely unreadable. I'd say the easy fix would be configurable color of the low-lighted text, or just more control over the display of the addressbar in general*. The hard fix would be to do some kind of brightness calculations and adapt the text color "intelligently". Either way, it is a bug in its current implementation.

* As I've said before, I think a much better method of accomplishing the same thing would be making the domain bold, underlined, or some such, but this is really something I'd like to control like I can in Firefox.

Seriously.

I mean look at this:

http://guildhaven.org/images/opera_1152_address_bar_screenshot2.jpg

How can anybody look at that and call it "usable"?

I should probably add that I can't stand glaring white contrast to stare at all day, so I tend to use darker skins/themes on my browsers. Unfortunately all of the skins I use for Opera make the address bar unreadable like in my screenshot above.

This never used to be a problem before this bug was introduced.

Unfortunately, this is a dealbreaker for me, so I guess it's back to Firefox until a fix comes down the pipe.

Originally posted by nelph0nd:

Seriously.

I mean look at this:

http://guildhaven.org/images/opera_1152_address_bar_screenshot2.jpg

How can anybody look at that and call it "usable"?

You should've posted that earlier. Anyway, I'd say submit a bug report with reference to that very screenshot. I can only repeat I agree that this is a serious usability issue and hence a bug, caused by hard-coding of the gray text color without regard for a user's color preferences.

Originally posted by nelph0nd:

I should probably add that I can't stand glaring white contrast to stare at all day, so I tend to use darker skins/themes on my browsers. Unfortunately all of the skins I use for Opera make the address bar unreadable like in my screenshot above.

This never used to be a problem before this bug was introduced.

Unfortunately, this is a dealbreaker for me, so I guess it's back to Firefox until a fix comes down the pipe.

Similar here, except that I don't like the gray to be quite that dark and I like Opera so much better than Firefox (and Firefox in turn so much better than any other browsers) that Opera would have to become an incredible amount worse for me to stop using it.

Yeah, I'm really not sure what to do now. Every major browser seems to be succumbing to the absolute worst trends in UI design, and the worst elements of those design decisions are always forced upon users in ways we can't disable.

I mean for Pete's sake, I didn't know these address bar shenanigans were done to Opera on purpose until ruario said as much.

How good a design decision is it when your "feature" makes the product so hard to use that users think it's a bug when they first encounter it?

Not very good at all.

So I don't know what to do. Firefox 7 (which I just installed this morning) is a complete trainwreck -- speaking of sadness, it's horrible to watch a once-exciting and innovative browser completely self destruct like Firefox has done over the last six months. Shockingly so.

Chrome is a complete non-starter. Opera seems to be going down the same anti-usability route as Chrome, apparently, particularly with respect to flexibility -- which is the saddest thing of all. Opera used to be the king of UI flexibility, which is why I used it for so long before v10.* stability issues finally drove me to Firefox a couple of years ago.

So what now? I've played around with Midori and Arora, and while both are pretty intriguing, they are also pretty immature, and they have a long road to go before they're viable replacements.

Ugh. I can't believe it's 2011 and I can't find a usable browser. It's like things have turned around and are heading backwards instead of forward.

Originally posted by nelph0nd:

Seriously.

I mean look at this:

http://guildhaven.org/images/opera_1152_address_bar_screenshot2.jpg

How can anybody look at that and call it "usable"?

Now that you have posted a screenshot it's immediately clear what you mean, but it wasn't before, for people not on a black-on-white theme or skin . It seemed like you were saying that the feature was completely wrong - which you may in fact think, but many people would disagree with you on that - while your screenshot seems to indicate the thing that's mostly wrong and what's stopping you from using the browser normally is the coloring with the specific theme that you use. It is of course hard to read dark gray text on a dark gray background! Me and many others wouldn't see the problem you see there, because dark gray text on a white background is pretty readable indeed. Sometimes a little screenshot goes a long way

Opera should not use colors with that little contrast. Feel free to file a bug for that.

Well even with the default skin, it's still pretty hard to read on my monitors, so I have a hard time believing others haven't been having similar problems. They probably just didn't know how to report them.

Originally posted by ruario:

As AVL and Frenzie said, log it with the screen shot, highlighting that this is particularly troublesome with some skins (include the name of the skin(s) you are using). This does make the world of difference.

I included a screenshot with my bug report.

P.S. In the mean time, you could consider making use of the opera:config#UserPrefs|ShowAddressInCaption option to show the full URL in the title bar. This will give you a way to quickly check the URL without having to click in the address field.

Thanks, that's a good suggestion and I hadn't run across that setting when I was digging around in opera:config. It doesn't solve the problem, but it's at least something.

Yup, it's DSK-348160.

Thanks.

Originally posted by nelph0nd:

Well even with the default skin, it's still pretty hard to read on my monitors, so I have a hard time believing others haven't been having similar problems. They probably just didn't know how to report them.

On my computer, the gray text is the color #7f7f7f. If we take the background color as #ffffff (the default, mine is #e6e6e6) that gives us a contrast ratio of 4:1.

This passes the WCAG 2.0 for large text (18+pt or 14+pt bold), but fails it for text smaller than that. Also note that it only passes prority 2 (AA), not priority 3 (AAA). Now you might say people with problematic vision are probably using large types, but perhaps they don't need to as long as contrast is sufficient.

Indeed, this seems wrong even in the best possible scenario*.

* As I already said, my personal theme has small font and a contrast of only 3.2:1, but then I've got good vision. What I consider problematic should not be valid criteria for design in such matters.

To be clear: The part of an URL that is important is the part that shows you which site you are on. Fading out information that most people will not need most of the time is good security because it highlights the part they need to pay attention to. Overloading people with information they don't need or understand is bad news for security.

Heh, if you say so. I work in the IT department of a company, specifically as an information security analyst, and I can without hesitation tell you that you're wrong.

Hiding address information from users is bad, bad security, especially in this day and age. Just because you say it's somehow more secure does not make it so. Normally I charge a consulting fee when handing out information security best practice advice; consider this one to be a freebie.

And don't even get me started on the whole hiding "http" and "https" by default, and replacing them with confusing symbols nobody can be expected to understand.

But at least there's a way to fix that.

Here, did some rudimentary research for you, to get you started on getting up to speed on information security basics on this subject.

http://dl.acm.org/citation.cfm?id=1979244

You're welcome.

You're quoting the abstract.

I read the entire study, along with another one that focused on other anti-phishing methods.

What it came down to was that for non-technical users (the ones for which this "domain highlighting" is supposedly intended), it didn't have any real impact, because those users tend not to pay any attention to the address bar anyway, highlighting or not.

For one small group, they noted the domain in it, and were able to identify what website they were on, but they were still just as likely to fall for a spoofed domain name (like "paypa1.com") in spite of the spoofed domain being highlighted.

For everybody else, it was either an annoyance or it was actually detrimental to their ability to tell what site they were on.

That study indicated something else, which I found even more disturbing (along with the others I've read). These measures have been implemented in browsers without any real data as to their effectiveness (or lack thereof); in fact, the study I linked was the first ever done on the subject.

Yet this is touted as a "feature" that somehow makes browsers "more secure", which we can pretty clearly see is false; at best, it makes people feel like the browser may be more secure, but in actual tests with actual users it didn't really prevent enough phishing attacks to justify that claim, and it actually interfered with other users' ability to determine what was going on.

I can tell you without reservation that from an information security standpoint that anything that gives users a false sense of security is actually worse than no security measures at all.

Not to be insulting or anything, but this is the kind of thing with which I would expect developers of a recognizable browser to be at least passingly familiar.

Originally posted by ruario:

We conclude that domain highlighting, while providing some benefit, cannot be relied upon as the sole method to prevent phishing attacks.

I think we can all agree with that, which is why it isn't the sole method we use to help users but rather one of many. Others being stuff like our badges and website block lists.

I'd just like to point out (again, but I feel this is important) that while technically some text is highlighted when the surrounding text is made less conspicuous, I'd much rather see actual highlighting, meaning bold, underlined, italic or some such. This would also remove the entire problem of hard-coded text color, although it raises the question of what to do when the user chooses to always use bold text.

Originally posted by nelph0nd:

That study indicated something else, which I found even more disturbing (along with the others I've read). These measures have been implemented in browsers without any real data as to their effectiveness (or lack thereof); in fact, the study I linked was the first ever done on the subject.

Yet this is touted as a "feature" that somehow makes browsers "more secure", which we can pretty clearly see is false; at best, it makes people feel like the browser may be more secure, but in actual tests with actual users it didn't really prevent enough phishing attacks to justify that claim, and it actually interfered with other users' ability to determine what was going on.

I imagine that companies also do usability studies without necessarily publicly publishing the results (not counting finished products)?

Well, you can't let the results of that research interfere with the "vision" of a product that copies all of the trendy "features" everybody else is doing these days, can you?

If your own security team was paying attention and doing their job, I wouldn't have had to point this out.

This isn't simply my "personal opinion"; I base my professional decisions regarding information security on best practices, up-to-date standards, studies, and hard data.

So I won't just agree to disagree on this. Opera has implemented a feature that at best is useless, and in practice actually impairs security by giving users a false sense of safety. As an information security professional, and a longtime Opera user, I think it's important to point this out so that you can correct it.

Heck, I even provided you with a link to a study that backs that up, and still with the condescension?

Whatever. Do your own research then. But if Opera really wants to follow trends that Internet Explorer and Firefox are setting, well, I guess Opera will follow their mistakes as well. Unfortunate.

Hey, you're the one that suggested that I post this as a polite and humble "feature request" instead of the massive bug that it is. You set the tone here, and continuing to contradict basic security best practices and common sense by insisting that this is somehow "more secure" when I've already pretty well proven that wrong, well, that's just being obstinate and contrary on your part.

So condescension is what you'll get from me.

I like Opera as a browser. I've used it (with the exception of the last 2 years or so because of stability issues) since 1998. You work there. You want Opera to ever achieve more than 1-3% market share? Stop following the pack, stop copying their mistakes (like this one), and start innovating again.

For years, everybody else was copying Opera when it came to browser features... tabbed browsing, built-in content blocking, built-in popup blocking, speed dial, et al.

I think that says something.

I want to see Opera back on that path again, not the path of "everybody else is doing it, even if it annoys users and breaks things, we don't care".

It's that kind of arrogance that's driven me away from Firefox. 100% truth.

So yes, I'm giving you attitude, but you know what? It's deserved. Pass it along. I'm a long-time user who's pretty disappointed in what I'm seeing, and this domain highlighting "feature" and your repeated contradiction to my pointing out of its security implications is just a symptom of what I suspect is a larger problem that I've already been seeing in other browser dev teams.

So take that as you will. I care enough to give my opinion of Opera's direction here, and I care enough to give you advice as an information security professional.

Originally posted by haavard:

To be clear: The part of an URL that is important is the part that shows you which site you are on. Fading out information that most people will not need most of the time is good security because it highlights the part they need to pay attention to. Overloading people with information they don't need or understand is bad news for security.

By the way, ruario, it was haavard's post that prompted the condescension from me. Not you. You just managed to keep poking the beehive.

Originally posted by nelph0nd:

By the way, ruario, it was haavard's post that prompted the condescension from me.

That's not what you said before.

Originally posted by nelph0nd:

Hey, you're the one that suggested that I post this as a polite and humble "feature request" instead of the massive bug that it is. You set the tone here, and continuing to contradict basic security best practices and common sense by insisting that this is somehow "more secure" when I've already pretty well proven that wrong, well, that's just being obstinate and contrary on your part.

Either way, I would assume (or hope ) that haavard is referring to the outcome of some kind of (not necessarily public) research.

Hey, I was on a roll.