Update official government banner text #3524
Conversation
|
Thanks for taking the time to revise this text, and for tagging me on it! Overall, I really like the simplification of the text, and I think this improves the banner. Some thoughts and suggestions below:
|
|
Just noting for those reading only over email, that I merged a subsequent comment into my larger one above, and made a bunch of edits to it. :) |
|
Thanks for the tag, @thisisdano. I agree with @konklone on the awkwardness of "A website ending in .gov indicates it is an official U.S. government organization." I'm concerned with it for an additional reason. Recognizing your field of interest (and remit) is "federal government websites", I'm concerned the text perpetuates the common but incomplete notion that .gov is for "U.S. government organization(s)", which I suspect most people will read as "U.S. *G*overnment organization(s)". This misread leaves people with a substantially limited view of what .gov is, since 80% of .gov domains are registered by non-USG US-based city, county, Native American, territorial, or state governments. For me, this connotation leads to negative outcomes in and outside the USG.
On mixed content (where HTTP resources are embedded in HTTPS content), I agree that this language doesn't make it worse. I think there's value in making the text resilient to mixed content cases, but I think this is headed that way since users will see something other than a standalone 🔒 or https:// in their browser. (FWIW, I saw at least 3 mixed content warnings on federal .gov sites last week. We have work to do!) I like @konklone's suggested reword, but I would also be happy to see both elements continue to stand alone as long as it's clear both elements together constitute "how you know" something is official. |
|
Good morning from Oregon. - Eric, Cameron - good to see your names again from the security listserve. I retired last December. A couple of thoughts on the 'Here is how you know' drop down. It seems to me that someone reading this text is doing so in the context of a specific web site (e.g. www.fs.usda.gov - my former agency). The banner text is phrased to target federal (or .gov) web sits more generally. Perhaps it would be beneficial to have templated text that the agency web master would modify for their use for that agency. For example the template might be: title "The xxxx.gov means it's official". supporting text: "All XXXX [department | agency | bureau] web sites end in [.gov | .mil]. Before sharing sensitive information with this agency, make sure you are on an [department } agency | bureau] site." And the agency web site might display: "The fs.usda.gov means it's offical.", and " All US Forest Service web sites end in fs.usda.gov. Before sharing information with the agency, make sure you are on an agency site." Some slight modification to the https/lock banner could be made to reference the specific agency or site. Brad Smith |
|
Hi everyone (and also good @konklone You make good points about HTTPS, and I think your edits are clear improvements to correctness, completeness, and syntax. @h-m-f-t Do you think that these changes worsen confusion over the scope of .gov? (That is, is this language more confusing than the existing language?) While we've developed this banner for federal sites (which I read in your comment as capital-G Government sites), the information should still be broadly accurate. Is there anything we might say in a component like this that would help? @buckaroogeek I appreciate the sentiment here, but I am concerned about opening up the language to interpretation and customization. While I think that specificity could help clarify in individual specific situations, it's important that this banner give a consistent message from usage to usage, across sites and agencies — that the pedagogic role of the banner is best supported by consistent, universal usage and language. Does this feel like an appropriate synthesis of your comments?
I would like to work to an acceptable synthesis here, then bring it back for some additional internal review. |
If not worsen, they maintain a pattern that oversimplifies in a way that is detrimental to clarity. On my end, the sole offending phrase is "U.S. government organization". I'm concerned that this language, even if only deployed on federal government websites, perpetuates the notion that .gov is used only in the US Government. But I think if you flipped the language around it would be more accurate and less likely to be misinterpreted, albeit slightly longer:
|
|
Thanks for tagging. "website ending in .gov" - this could confuse in two ways. First, web addresses often have the .gov in the middle if someone is linked to agency.gov/leadership or something. Second, the "web address" and the "website" are different. (we might have had this discussion in the past, full disclosure I would instead say either:
Or
|
I appreciate the distinction, but I think most people don't know what a "domain" is, and browsers have evolved over the last several years to emphasize the domain and de-emphasize the path so that people don't have to. I went and took some screenshots just now in some major browsers: Firefox: Edge (the new Chromium-based version): Chrome: I don't have Safari handy to screenshot, but they are the most restrictive and don't show the full URL at all right now. People publish guides for power users on how to enable full URL view, but most people won't do that. Without commenting beyond what's public, I'll also link to a Chrome bug tracking some work on simplified domain display. So, given all of that, I think it is imperfect-but-safe to say "ending in .gov", and overall the simplest way to describe it. And on @h-m-f-t's prior comment:
I don't think we need to rabbit hole on it too much here, as I think the proposed language accommodates this just fine, but I wasn't referring to "mixed content" as it's currently implemented in browsers in the sense of embedded resources. I meant insecure form targets, meaning that the form was delivered securely, but submits data to the website in plaintext at submit-time. This is a security risk that (like mixed content) descends from the legacy unencrypted web, but that (unlike mixed content) I'm not aware of any browser currently surfacing to the user in any way. Hopefully that will change over time, but just wanted to clear this up for anyone reading the thread. |
|
Also, to @h-m-f-t's wording suggestion:
I support this change - it is very slightly wordier but much more obviously inclusive of non-federal governments. There is a huge push to get non-federal governments to use .gov domains, particularly since federal elections are primarily administered by state and local governments and we want the public to have an easier time telling official sources from unofficial sources. (The same change wouldn't need to be made to .mil, of course.) |
|
Dropping “ending in”, I could also go for:
Thanks for taking the time to solicit feedback, @thisisdano! |
|
@thisdano - Yes thanks for the chance to provide feedback. Portland area?
Bend, here.
Two alternatives to Cameron's last succinct sentence depending on whether
the focus is on the general case for all *.gov site or the specific case
for an agency/bureau:
"This .gov website is an official web site of this government agency in the
U.S."
or
" All .gov websites belong to an official government organization in the
U.S."
Best
Brad
…On Wed, Jul 1, 2020 at 2:48 AM Cameron Dixon ***@***.***> wrote:
Dropping “ending in”, I could also go for:
A .gov website belongs to an official government organization in the U.S.
Thanks for taking the time to solicit feedback, @thisisdano
<https://github.com/thisisdano>!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3524 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAKDYHTIFSIEGICJDTIBKGDRZMA6FANCNFSM4OIMEMZA>
.
|
|
This has been a useful discussion and I'm pleased that we're making meaningful progress. Thank you all so much. I'd like to propose some new updates:
Do you find this to be an accurate synthesis of your proposals? |
|
This works for me, and I like the expansion of 👏 🇺🇸 |
|
Works for me also. Not that I have a vote :)
Brad
…On Wed, Jul 1, 2020 at 1:33 PM Cameron Dixon ***@***.***> wrote:
This works for me, and I like the expansion of U.S. (though that's captured in the banner if any more concessions to char count are needed).
🇺🇸
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
I like these. But now I have one small quibble with the I feel like there were a few other weird anomalies, but I no longer remember them - that's the only one I recall off the top of my head. |
|
To offer a suggestion for the .mil text that is likely safe to run with:
|
|
We were drawing our .mil guidance from this DoD guidance publication (specifically, page 6) — understanding that there are almost always some quirks. That said, I'd feel comfortable with |
|
👍 to the updated version. FWIW, @konklone convinced me that "ending in .gov" is also ok, but unless scam sites routinely have .gov.com domains, I think the new version is good! Thank you! |
Nice find! And yeah, totally understand that nothing will be 100.0% perfect when it's aiming to be pithy and accessible to laypersons. 👍 to the updated versions either way. Thanks for leading a productive discussion and for pushing this forward! |
|
This PR commits the following banner copy. Thanks everyone for helping us improve this important component! .gov domains
.gov domains (Spanish)
.mil domains
.mil domains (Spanish)
|
|
Note: A copy/paste error of mine resulted in the wrong text getting into the final PR. I fixed it in d54e6a3 and we will release with the proper text. Sorry for any confusion! |
|
<3 |
|
Found this thread through a tweet, and was curious if for |
|
There is a typo above in @thisisdano's comment that @miklb might have been referring to:
But yeah, in the actual commit, it's done through a variable and should be right. |
|
Yes, this has been a bit of a copy/paste nightmare, but the documented versions on https://designsystem.digital.gov/components/banner/ and in the codebase are correct. But that typo made its way into the release notes and I’ve now updated it there as well: https://github.com/uswds/uswds/releases/tag/v2.8.0 |
|
hey y'all, indeed I was reading from the message, and checking the subsequent commit from my phone for the typo, I didn't catch that was what was fixed. Thanks for the prompt and courteous replies. And more importantly, thank you for your service. |
|
@miklb It's a pleasure to serve - thank you for the note! |
The USWDS banner has a few key responsibilities:
This pull request incorporates feedback we've received on the banner over the last year or so, along with a review of the language by GSA subject matter experts. This change hopes to convey a few key enhancements:
Default (Preview)
Spanish (Preview)
.mil (Preview)
We also recognize that this text and guidance may change over time (perhaps the lock may go away as well), and that this makes it even more important that we improve how we're able to communicate these changes to downstream users. So we'll be working to promote this change through notifications, direct outreach, public meetings, and social media. Future versions of the design system might make it even easier to stay up to date.
This change will also require a guidance update to uswds-site.