Shostack + Friends Blog Archive


We Have A Favicon!

Because Emergent Chaos cares about your privacy, we employ industry standard measures to protect the security of our site, and convince you to provide us with personal data we don’t need, which we shall carelessly sling around. Our compliance is monitored by Ernst and Young, we ship backups via UPS to Iron Mountain, and our employees are background checked…no, I can’t even say it.

What I can say is that we’ve shamelessly stolen Jean Camp’s awesome hack of using the SSL lock as a favicon, making it show up in the URL bar.

Right now, this is only for the HTML version. If anyone knows how to edit Moveable type config files so this gets into the RSS, please let me know.

7 comments on "We Have A Favicon!"

  • Arthur says:

    It should appear automatically. In NetNewsWire, you have to delete the feed and re-add it, since it doesn’t check for new or changed favicons at reload.

  • sama says:

    but my address bar doesn’t turn yellow…

  • Phill says:

    That is why we should only use trustworthy data in the trusted parts of the user interface. See Secure Letterhead, PKIX Logotypes etc.

  • Adam says:

    I don’t know what parts of the UI are “trusted” and which aren’t. The usability studies have all shown that users respond to locks in web pages, never mind the “trusted chrome.”

  • Jon says:

    Hey, PGP has used a lock with hasp as a favicon for ages. Look at . In 2004, there was net-wide handwringing because Ian Grigg suddenly noticed it and wrote about it in in 2004. I haven’t googled out my reply at the time to Farber’s list, but I think it dates back to ~1998. The O’Reilly “animal” for PGP was a lock with a hasp back in 1995. We have never changed our favicon because we were here first. 🙂
    If you’d like, I can check with my lawyer to see if that favicon is a trademark. 🙂

  • Chris Walsh says:

    That is a funny one. How abt making the lock upside-down?

  • dbs says:

    Better yet, the favicon should be a broken red lock – an indicator that the security of this site is non-existant. See if you get any mails saying “Hey, I went to read your site, but got this broken lock icon. You’ve been p0wn3d!”

Comments are closed.