Become a fan of Slashdot on Facebook


Forgot your password?
Encryption Google Security

What Gmail's New TLS Icon Really Means: Email Encryption Is Still Broken 129

An anonymous reader writes: On Safer Internet Day Google announced that Gmail will display warning signs for missing encryption and authentication, a great initiative indeed! Now that it's live we've taken it for a spin, only to find that the warning when composing email is quite slow (for new domains), and that they fail to mention that the non-authenticated TLS encryption that the currently sad state of SMTP encryption leaves us with is really poor, and vulnerable to almost anything (except passive wiretapping). I rather wish they took a stance on how we could move on to proper email encryption.
This discussion has been archived. No new comments can be posted.

What Gmail's New TLS Icon Really Means: Email Encryption Is Still Broken

Comments Filter:
  • by Anonymous Coward

    The problem here is that crypto infrastructure in general is too fucking hard for anyone but dedicated security professionals to work with. Hell, even they have a shitload of trouble with it, as we've seen from the many OpenSSL bug debacles lately! This technology is way beyond what average, or even above-average, computer users are capable of dealing with. Some people will probably reply saying, "But it's not that hard! I can understand it!", yet those are the kind of people who understand this technology

    • Not quite. The core beef seems to be that the commonly used STARTTLS method of SMTP transport encryption is essentially optional, which allows hackers to use a variety of methods to force-downgrade target connections (in situations where mature implementations of HTTPS would have safely blown up). In other words, the authors are seeking a world where you install your mail server cert just like you install your web server cert, and it all works fairly securely out of the box. The reality is that it's earl

      • Here is a script that I use to pass sensitive content from outside email. I should probably redo it to use keypairs on both sides.

        #!/bin/sh #openssl genrsa -aes256 -out ~/.prv.key 8192
        #openssl rsa -in ~/.prv.key -pubout -out ~/.pub.key
        SESSION_KEY=$(mktemp -t crypter-session_key-XXXXXX)
        case $(basename $0) in
        openssl rand -base64 48 -out ${SESSION_KEY}
        openssl rsautl -encrypt -pubin -inkey ${PBK} -in ${SESSION_KEY} |
        openssl base64
        echo ___:
        for f

        • Re:easy encryption (Score:5, Insightful)

          by Anonymous Coward on Tuesday February 16, 2016 @07:38PM (#51523639)

          Imagine if you could actually write good clean documented code!

          Good example of how not to code.
          - no useful comments
          - the only two comments conflict with each other
          - no line breaks before "if" constructs or after "else" constructs
          - assumes existence of files for which it doesn't check existence
          - doesn't check status for execution of openssl commands

          Not bad for a six-year old.

          • by chihowa ( 366380 )

            As someone who just inherited a huge repo full of uncommented code with nondescript variable names (A, B, C...) and no error handling, I have to say that the parent comment isn't scored high enough. Posting crap like that on the internet does nobody any good. Even if it is short enough to understand, poorly written code is especially intolerable if the subject is cryptography.

            (Anyone who says that their code documents itself hasn't tried waiting a year and then trying to figure out why their undocumented co

      • by scdeimos ( 632778 ) on Tuesday February 16, 2016 @05:44PM (#51522825)
        If you're thinking STARTTLS then you're encrypted transport system is already broken. Use the proper SMTPS ports. A number of ISPs (including TPGi in Australia) use Cisco PIX appliances (and other) to intercept SMTP tcp/25 traffic from their users. And they force unencrypted connections by not reporting STARTTLS in its EHLO response. Your privacy and security, broken in the name of "SPAM control."
        • by ptudor ( 22537 )

          "smtp fixup" is the worst PIX/ASA default configuration ever. So obvious what The Problem is once you see a bunch of asterisks censoring the SMTP conversation.

    • by Anonymous Coward

      Posting anonymously for several reasons.

      I am a cryptosystems implementation expert, and I can tell you that the user interaction with cryptography is ALWAYS the reason modern cryptography fails to be adopted.

      The truly frustrating thing is that it's relatively easy to abstract the user from the cryptography, but for some reason, hardly anyone does this for email, principally because it requires a great deal more work on the infrastructure side initially. A company like Google could easily develop such a sys

    • by stooo ( 2202012 )

      Whoa. A TLS icon on the website. How cute is that ?
      Absolutely useless, though.

  • by unrtst ( 777550 ) on Tuesday February 16, 2016 @02:45PM (#51521131)

    Use S/MIME, PGP, etc...
    All the transport level stuff isn't going to protect your email or ensure it's not modified in transit (or at the destination or origin).

    Gmail's help on their new icon:

    If you see the red padlock while composing a message
    Don’t send confidential material, like tax forms or contracts, to that email address.

    Fuck that... if you're sending confidential email without encrypting the content, you're already screwed.
    For semi-important information, one should at least digitally sign the content to prove it wasn't modified in transit (ex. this should be used for any contracts, and if it's very sensitive, it should also be encrypted, and not just on the transport layer).

    • by DarkOx ( 621550 )

      How are you going to implement that for web mail exactly? Will you let the sever do it? That means Google gets to assert your identity, and if they ever get compromised we have a whole mess of people sending signed mail with signatures that may or may not be valid and we are back to a more or less unauthenticated situation.

      You could have the client do with JavaScript but that still leaves the door open, if the server is compromised and sends an altered script how can you know?

      You go the traditional instal

      • How are you going to implement that for web mail exactly?

        End to End with something like Mailvelope?

        You go the traditional install plugin route, but then web mail is no more portable than a fat client. There just isn't actually a good answer for this. You can have secure E-mail or portable E-mail but not both.

        People SHOULD be using "webmail" via IMAP with proper e-mail clients Then it's portable because there are mobile mail clients that can support PGP. So yes you can have portable secure e-mail, even on a phone or tablet.

        • by Bert64 ( 520050 )

          Well by portable i guess they mean that it can be accessed from any device without needing to install a client (ie from your work desktop)... From a mobile device that you control is entirely different as you can install whatever encryption tools you want on there.

          While webmail can be convenient, it's also dangerous not only because of the lack of end to end encryption but also because its primary utility (ie logging in from a random place) is its biggest danger - how do you know who's monitoring any given

      • by unrtst ( 777550 )

        Great questions, and they all have answers already.

        Webmail s/mime, pgp, gpg encryption: See [], or [], or similar products.

        Alternatively (or in addition to that), Google could provide a javascript based solution. The private key storage would be an issue, but it could be held server side via zero knowledge encryption (ie. enter password on client side, get blob from gmail, decrypt client side). JS validation is also a solved problem, though it's ugly -

        • by DarkOx ( 621550 )

          The two products you pointed out are essentially plugins, they won't be installed on your friends computer and they wont be on the computer in the Hotel business center. Try again. People like web mail because they don't have to carry their own laptop everywhere they go.

          For this to be even partially true, you would have to assume that all received email is encrypted (rather than just signed).

          No, if you are not in a position to verify the signatures, and sign your replies we are back to essentially have no identity or integrity assurance at all. Only now the non technical person has to remember different rules are in effect wh

          • by jonwil ( 467024 )

            You dont need a plugin, just implement encryption via JavaScript where the private key pairs are stored on the server but encrypted with a secret key derived from a password the server never sees. Server sends an encrypted blob to the client, client inputs a special password which then decrypts their keys.

            All of the communication happens over HTTPS so man-in-the-middle replacement of the JavaScript cant easily be done.

            Is it as secure as having a dedicated setup with keys stored in the client and a plugin on

            • by Bert64 ( 520050 )

              If you're concerned about google reading your mail then such a system wouldn't work, while in theory the javascript performs all its work client side there is nothing stopping them changing the javascript to submit your passphrase to the server. Unless you're going to thoroughly inspect the javascript every time?

          • by unrtst ( 777550 )

            I still see it as either portable or secure, not both.

            There are a million shades of grey between the absolutes.
            Phones are portable, and can be secure, as you noted (and in so far as a phone can be secure).
            Moving yourself between random 3rd party computers with who knows what running on them and checking your webmail from them... yeah, that's never going to be very secure.
            Moving between multiple devices you own... you can certainly use a local mail client, or a plugin, or a javascript implementation with zero knowledge encryption holding the private bits.

          • by Bert64 ( 520050 )

            You can as a minimum implement verification of signatures into a webmail client, as that can all be done server side...

            Users already have to (or should) remember that there's different rules when accessing webmail, in fact you shouldn't be accessing the webui from random machines if you value security at all. You should always carry your own portable device, and access your mail from there.

        • by Bert64 ( 520050 )

          When it comes to mobile, apple already implement s/mime on ios although configuring it is not as simple as it could be (ie even if you have mail accounts synced from a mac it can't automatically transfer your keys).

      • by Bert64 ( 520050 )

        So you're saying that...

        1, users would need to trust google (but clearly they already do or they wouldn't be using their mail service)
        2, the worst case (google getting hacked) would be no worse than the current status quo.

        So basically email signed/encrypted by google would be better than what we currently have, but not ideal. And users are free to pick a different provider and/or do proper client side crypto but most simply don't bother. If gmail started implementing pgp or s/mime even server side and start

    • Use S/MIME, PGP, etc...
      All the transport level stuff isn't going to protect your email or ensure it's not modified in transit (or at the destination or origin).

      Gmail's help on their new icon:

      If you see the red padlock while composing a message
      Don’t send confidential material, like tax forms or contracts, to that email address.

      Fuck that... if you're sending confidential email without encrypting the content, you're already screwed.

      S/MIME & PGP do not hide the sender, receiver or the subject of the email (nor where you sent it from). That information is in the header, and only TLS or STARTTLS will hide it.

      By the way, the TLS-SMTP problems are related to STARTTLS and stupid client software, but not TLS (but cert verification requires DNSSEC for either).

    • by Threni ( 635302 )

      You're telling me that PGP is a serious contender for non-technical people to secure their communications? Seriously?

    • by houghi ( 78078 )

      PGP is great. It has one slight issue: you do not see it anywhere. The reason? It is not pre-installed.

      It would be trivial to add it to Outlook, Gmail, Hormail and any other mail service or program by default. Now it needs action on the users side.

      I would like Email to have PGP by default. Not to hide any content from others (because two people is one to many to keep a secret) but sender verification. Is it my bank that send me the email, or SpammerJohnny who found out you can make your own From in Outlook?

  • by rubycodez ( 864176 ) on Tuesday February 16, 2016 @02:47PM (#51521153)

    Bill Gates said they would solve the spam problem a few years back. Yet my inbox under office365 that my employer uses is a chum bucket of spam, while good cron and batch job emails end up in "junk" half the time. wtf, Gates. billions and you couldn't at least have pushed domain a authentication/verification system?

    • Well, I'm sure than one went pretty quickly into the "too hard" round file in the corner.
      Especially when they found out that it was hard to monetize...

      It's amazing the crap people put up with, (spam, unsecured email)
      It's probably our fault; we've done a reasonable job managing the spam, (which is visible to the user) and a crap one convincing our users and managers to demand secure, encrypted email.

  • Please, this has been available since 1991. 25 years and now there's concern?

    PGP []

  • by Anonymous Coward on Tuesday February 16, 2016 @02:52PM (#51521191)

    I consider gmail to by my biggest threat to the privacy of my email.

    If I want end to end security, well there is a standard for that []. I use it. It works.

    But gmail is close to having a monopoly on email. It isn't quite yet, but almost everyone I know uses exclusively gmail now. That means if I want to email them, Google IS the man in the middle. I can't easily email my friends without giving Google the contents of my email, which they will use to build a profile of me - and I've never signed up for any of their services or estasblished any kind of business relationship with them.

    Furthermore, most small to medium businesses are using gmail.

    Think about this: we used to have a decentralized, non-censorable, email standard that no one entity could control or pervert for their own ends. But the whole world said, "Fuck that, we want one advertising company to see everybody's email!.

    Google is the main threat to the privacy of email today. Like Bruce Schneier observed, they want you to have email privacy from everyone except them.

    • by sims 2 ( 994794 ) on Tuesday February 16, 2016 @03:14PM (#51521375)

      Well if anyone else had wanted to provide a reasonable amount of storage, allow attachments bigger than 4MB, provide both pop3 and imap access, not inject advertising into your outgoing mail, for "free".
      They could have been the largest email provider.

      But no one else wanted to do that for "free".

      • by Anonymous Coward

        Well if anyone else had wanted to provide a reasonable amount of storage, allow attachments bigger than 4MB, provide both pop3 and imap access, not inject advertising into your outgoing mail, for "free".
        They could have been the largest email provider.

        But no one else wanted to do that for "free".

        google won't do it for "free" either if they can't scan your email.

    • by DarkOx ( 621550 ) on Tuesday February 16, 2016 @04:01PM (#51521921) Journal

      Well you have to look at the whole story though.

      Consider all the vulnerabilities that have been found in MTAs, MDAs, and clients over the years. Then consider all the trojans and spam with tracking stuffs, etc. Google filters almost all of the later quite successfully, as to the former for many people and organizations it replaces all those things and so far the infrastructure has been well maintained and resistant to breaches (that we know of). Its also pretty carefully monitored. I suspect the ancient Sendmail install on that old SGI box at your ISP, could have sat compromised for weeks or months before anyone would have noticed in the years before GMAIL.

      When you look at it from all sides its not so clear cut.

    • Google is the main threat to the privacy of email today. Like Bruce Schneier observed, they want you to have email privacy from everyone except them.

      I have an ancient gmail account which dates back to the early, early beta days (back when we had to swap invites on Slashdot). Somehow, every few months somebody new is able to register with the same user name, and I get all their messages delivered to my inbox. Their sent mail doesn't appear in my account, but everything else does.

      Every facebook status message

    • That means if I want to email them, Google IS the man in the middle. I can't easily email my friends without giving Google the contents of my email,

      Who says you can't use PGP with gmail?

    • by GuB-42 ( 2483988 )

      Are you joking? GMail is big but it if far from a monopoly. I'm not sure it is even the biggest.
      In my personal contact list, about 20% have an @gmail address. At work there are almost no @gmail.
      This doesn't cover gmail addresses hidden behind a domain name but most of the companies I worked with were self-hosted or worked with a related provider. For the rest, the biggest one seemed to be Microsoft, with Google as a distant second.
      That's lots of anecdotal evidence but seeing this, I can't believe in a monop

    • by Britz ( 170620 )

      I disagree. Email is broken. Not Gmail. Snowden has shown that all email sent through the internet will be archived by at least two government agencies. Others, government or non government, may also save a copy. Email is inherently unsafe.

      But if you use the same service on both ends, no one, except for the service itself, will ever see the mail. Or the fact that you send one at all. If you send something from one provider to the other, at least the NSA and two providers will have all the info. In Europe we

    • Unfortunately just because all your friends use Gmail, doesn't mean that Google have a monopoly.

      It's a few years old (I couldn't find anything newer), but at least among users who have signed up to mailing lists with Mailchimp Yahoo, Gmail and Hotmail were pretty much neck and neck in 2011. []

  • Wait, what? (Score:5, Insightful)

    by s.petry ( 762400 ) on Tuesday February 16, 2016 @03:03PM (#51521279)

    Some of you will have a hard time with this, but... why is the problem here with SMTP? Is it really that hard to understand that MAIL TRANSPORT is not compatible with HIDE MY STUFF? Good grief people, you can't truly be that ignorant.

    Do you trust that anything you mail through the Post office, FedEX, UPS, or any other mail service is "Secure"? Do you believe it's impossible for people to know what's in your boxes because you use those services? I can provide you a list of drug dealers who thought so too, but they are jailed for that thought.

    Want secure, use secure. Lotus Notes was friggin awesome for securing content. Nobody wanted to pay for it though, and all the cool kids were using Outlook because you could drag-n-drop audio files right into your email (also read fart noises). Many Writing applications have encrypt/decrypt features. Zip has it too, but generic standard email? Come on now.. it's a MAIL TRANSPORT and works very well as a mail transport.

    If you somehow believe "Generic Transport" can also be "Secure", I got some ocean side property you may be interested in buying.

    • Agreed! I'm no email expert, but I've OFTEN wondered why we can't use decent endpoint encryption rather than trying to encrypt the transport... since 99% of all emails I send and receive are to the people I already know... it wouldn't be that hard to exchange keys with them in person. For all others, I can still choose to read email that isn't encrypted, and I can choose to reply, but it would be much easier to know secure vs. insecure if my mail client simply says "you haven't exchanged keys with this re

    • by tnk1 ( 899206 )

      You used "Lotus Notes" and "friggin awesome" in the same sentence. Are you trying to cause Skynet's brain to melt down through a logic bomb?

      Notes may well have been secure, but it was probably the worst mail client that I have ever used, and that includes using 'mail' from the command line. It was horrific, absolutely horrific. It is one of the few software products that I considered leaving a job for when they employed it. Their usage of that product quite literally convinced me that the company hated

      • by DarkOx ( 621550 )

        Well the thing you have to remember about Notes is mail was a bit of an after thought. Notes was really about the 'databases'. You could rather easily develop very complex multi-user applications, with offline replication. That mattered a lot in the early 90's when you did not 'VPN' but dialed into home office. Notes replication was amazing.

        From a technical perspective Notes is probably one of the more interesting software systems ever developed. It was born of a time when clients were pretty limited a

      • by s.petry ( 762400 )

        Your personal anecdote makes me believe that you have no knowledge or experience with the product and are just ranting. Comically, by falsely claiming I said "Lotus Notes is Awesome" in a general terms instead of what I said. Which you can go back and read.

        Outlook lets you "work" and "Notes" stopped you and made you angry? WTF is your job exactly where you can't type in an editor if it's not the right brand? Don't answer that, I'm not sure we want you on a homicidal rampage having to type in a web clien

        • by tnk1 ( 899206 )

          I have both knowledge and experience with the product, unfortunately.

          I'm not entirely certain how you go from Point A to Point B with me having no experience with it. Why would I hate it if I had never used it?

          No, my experience using it is very, very real. Which leads me to ask if *you* have ever used it, because if you have ever used Notes for mail, you know it isn't the difference between merely an editor. Everything in the mail client was a hassle from adding recipients to actually sending the mail.


          • by s.petry ( 762400 )

            Sounds to me like if you used Notes, you used a poorly managed (if it was managed at all) implementation of Notes. I had some admin rights, but was not a Notes admin. The To, CC, BCC were/are no different than Outlook or other Mail clients. In fact, caching names and addresses from received mail was done in Notes long before other mail clients did it. It was simple to send mail to anyone, especially people who sent you mail, unless your admins turned things off or didn't set them up correctly..

            Now, how

            • by KGIII ( 973947 )

              Above, I was talking about Lotus. I was tasked with admin duties 'cause, well, it was mine. It was not *easy* to admin? Well, it was highly configurable (for the day) and not exactly always as clear as it could be. There was quite a bit of trial and error, RingTFM, and finding new and interesting ways to break it - albeit unintentionally. It had some neat ways to approach the data, I'll give it that. But I'm not sure I'd call it easy - it might be for people more skilled than I. I did not find it all that e

      • by KGIII ( 973947 )

        As we started to expand, I needed something quick and easy. I was also one of only a few people at that time. So... I hunted around and I even took a peek at a few different products. Lotus it was... It was, indeed, horrible. It also managed to break in some of the most unusual ways. Thankfully, I think I've burned out the brain cells that were devoted to Lotus knowledge.

        Oh, it was "okay" when it worked. We didn't need much, small attachments, and the database was handy to access. We mostly abused the hell

    • by bytesex ( 112972 )

      Crypto in Lotus Notes was deliberately debilitated by the US to something ridiculous like a few tens of bits. Don't say that Notes was secure. The principle? Sure. The execution? Not so much.

      • by s.petry ( 762400 )
        I was using Notes in the Military/DOD and it was using 128bit encryption before it was available to the public, so it depends on where you were. Remember that back in those days we had strict laws prohibiting export of any product with encryption built in that the Government did not approve. I remember 128bit encryption being slow as hell, so people complained when we moved from 56bit.
    • by AmiMoJo ( 196126 )

      When I send stuff through the post I hide it in an envelope. The envelope isn't very secure, it's not hard to steam open and it leaks metadata that is sent in plaintext on the front. Despite that, it's still useful and effective. It stops the government and the Royal Mail systematically reading every single letter.

  • Great, so this gets you end-to-spam filter encryption. Anyone who has their email delivered to a 3rd-party for spam filtering could appear secure but would only be secure for the first hop. False sense of security.

  • I had someone contact me about my server -> gmail as I host a number of mailing lists and other technical resources. After much research it seems the only way to fix it is to hard code that gmail and other locations are to be encrypted vs the default opportunistic encryption of "if they offer it, try it".

    There are a lot of things that should be addressed here to ensure data is properly encrypted, this is easy and a solvable problem but at least for postfix I had to enter some custom maps which the softw

    • I'm past the UUCP days, I don't want to maintain a map of who can do things and who can't

      Let me refresh your memory about some aspects of what you're "past", on the perfectly reasonable assumption that I did a lot more UUCP routing than you (and really, more than practically everyone).

      UUCP maps were just an out of band and not-very-frequent node-adjacency flood, which let one construct a graph from which one could extract directed acyclic subtrees using Dijkstra's SPF. Just like OSPF. Just like ISIS. T

      • My comment re: UUCP is having to manually configure for each site I want to distribute mail to. I'm not worried about STARTTLS stripping, I want to avoid building a full list I have to maintain manually. This is mostly a postfix issue (for me) that it's not aggressive enough in using the STARTTLS offered by the far-side.

  • Ive run my own mailserver for quite some time as both a mark of hacker pride and a means of circumventing what has historically (until google started giving a shit because snowden made them) been a very lax SMTP ecosystem. I use the DJB curve primes, i use 256 bit tls 1.2, i use multifactor, but as for other mailservers? crypto doesnt seem to be even a slight consideration. ive had to leave it enabled opportunistically on my mailserver, however most of the time I fallback and dont use it.

  • by PAjamian ( 679137 ) on Tuesday February 16, 2016 @03:36PM (#51521647)

    Google is trying to force servers to use STARTTLS encryption for port 25 MX traffic, this is all commendable, but they are giving their users a false sense of security. When gmail does not display the broken padlock it simply means that the first hop to the recipient's MX server supports STARTTLS, but mail is routinely stored in plain text queues on multiple servers, transmitted on in additional hops that are not necessarily encrypted, and even the first hop encryption often times uses self-signed certs or certs signed by non-authoritative CAs, so the message being sent, while being encrypted is still vulnerable to man in the middle attacks.

    But Google is giving the impression that if that first hop offers STARTTLS, then the message will be sent securely and encrypted. This will result in people putting all sorts of credit card details and other information in their emails thinking (because Google said so) that the message is secure, when nothing could be farther from the truth.

    Google needs to stop this right away, it's going to do way more damage than good. There is only one way to hide the content of an email from prying eyes and that is with properly implemented PGP encryption. There is no way to hide the meta (envelope) data from prying eyes. It is really important that people not be misled on this account.

  • I downloaded the end-to-end code [] built it and ran some tests. I reported one bug to them (no biggie, just a mismatch with some libs they depend on). They were quick to respond, update their build and thank me. However there hasn't been any activity there for months. Yahoo had joined in and said they were putting it into production (but I don't use their mail so I have not seen it).

    Has anyone any idea what's happening with Google End-to-End ?

    • by jonwil ( 467024 )

      It wouldn't surprise me if the US government or the FBI or the NSA or someone have quietly leaned on Google and said "please stop working on this plugin of yours because it will make it harder for us to catch the terrorists and pedophiles and other bad people" with an implied threat of something more serious if Google didn't just drop it.

  • by gweihir ( 88907 ) on Tuesday February 16, 2016 @04:12PM (#51522035)

    You are calling for link-encryption. That is obvious nonsense for email. Proper email encryption is end-to-end and does not trust the transport at all.

    Incidentally, this problem has been solved since 1991 with PGP.

    • by Anonymous Coward

      The reason people don't use PGP is because of the name Pretty Good Privacy makes it sound amateurish (that and the initialism PGP is too similar to PHP). Maybe they could get more users if they called it Good Privacy or Very Good Privacy, but I know there's a local-maximum trust in there somewhere because I think trust would go down if they called it Excellent Privacy or Perfect Privacy.

      IMO, more people would consider using it if it used an animal name or some name from mythology.

      • by allo ( 1728082 )

        People use computers, which are named like fruit. And operation systems from companies, which are named like some detergent. Their text processor's name implies you may only write one word and so on.

        Nope, names aren't important. Ask the novice users, if they even know, what PGP means.

  • by Khyber ( 864651 ) <> on Tuesday February 16, 2016 @04:34PM (#51522235) Homepage Journal

    This company lives off of mining your data and violating your privacy. You expect them to allow you to fully protect your communications to the point where they can't figure out how to advertise to you?

    Give me a fucking break.

  • Given they can't even maintain a steady cert I'm not expecting too much.
  • Yeah, start teaching the users, that something is secure, if a lock appears INSIDE the website (or insecure, if its a broken lock). Because err nobody would ever use this to tell the user the fake banking website is as secure as the email on gmail.

The Macintosh is Xerox technology at its best.