[pay UI] Paypal login cannot be assured to be from paypal
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical System Image |
Confirmed
|
Medium
|
Alejandro J. Cura | ||
Ubuntu UX |
Triaged
|
Medium
|
Paty Davila | ||
pay-service (Ubuntu) |
Incomplete
|
Medium
|
Unassigned | ||
webbrowser-app (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When paying for an app with Paypal, the Paypal login screen is presented in an Ubuntu wrapper. There is no indication on this page that I'm actually looking at paypal.com rather than being phished or that some bad DNS has pointed me to a wrong site. The padlock in the top corner doesn't indicate anything I'm inclined to believe -- is it showing that the connection is https? Has it verified that I'm really talking to Paypal? How can I know that? This is encouraging people to type their Paypal password into phishing sites. The previous step in the purchase process, where I'm choosing which payment system to use, also displays a padlock, and that hasn't connected to any payment site at all.
affects: | unity-scope-click (Ubuntu) → pay-ui |
summary: |
- Paypal login cannot be assured to be from paypal + [pay UI] Paypal login cannot be assured to be from paypal |
Changed in ubuntu-ux: | |
status: | New → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Paty Davila (dizzypaty) |
Changed in canonical-devices-system-image: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Alejandro J. Cura (alecu) |
milestone: | none → backlog |
affects: | pay-ui → pay-service (Ubuntu) |
I think this is a valid concern.
Anyway, the info shown by the padlock bubble should be the same as what the browser shows when visiting the same page. Would showing extra info there provide more assurance?
Perhaps opening the browser instead to complete the payment is a better solution?