There's this nice blog [3] that explains why they chose Shift instead of other keys, and also gives a nice overview of the pattern.
[1] https://design-system.service.gov.uk/patterns/exit-a-page-qu... [2] https://design-system.service.gov.uk/components/exit-this-pa... [3] https://beeps.website/blog/2024-10-09-why-govuk-exit-this-pa...
> As a result of advertising people being bastards,
The gov.uk Design Team are a treasure.
The whole blog is! I do enjoy the furry, aro-ace, agender, otherkin, machinekin and plural-system subcultures.
Windows Sticky Keys entered the room.
- Escape is simply unusable.
- Alt alone leaves the viewport and goes to menu, making further keypresses unregistered
- control is inconsistently placed on keyboards (e.g. laptops) which they don't say directly in the blog, makes extra sense if you recall it suggests not using devices the abuser might be admin/monitoring (public devices, friend devices, etc). It also is highly selected by other assistive technology products just like sticky keys.
They also recognized the issue... And tested it against JAWS and using it with on-screen keyboards
Seems they were very thorough.
0: https://beeps.website/blog/2024-10-09-why-govuk-exit-this-pa...
Note: this is the same link as in the grandparent post
And then the spamming of the communication that would follow.
Those pre-canned German voices were so great.
> Interruption page
> Create a page to explain Exit this page to users.
> You must show this page after the start point of your service, but before the page where the user will see the Exit this page button for the first time.
> On longer services, you might need more than one interruption page.
> If you are experiencing family violence, don't worry, the information within this pop-up won't appear in your browser's history.
Pages like Banks or Council websites have it in their footer, so people can lookup information without it appearing in their history
(a class="quickBrowserEscape ..." target="_blank" href="https://www.google.ca/") Need to leave site for your safety? Quick Escape
$('.quickBrowserEscape').on('click', function () {
document.body.style.opacity = 0;
document.title = 'New Tab';
window.open('https://www.weather.gc.ca/canada_e.html', '_blank');
window.location.replace($('.quickBrowserEscape').attr('href')); // removes current page session DOES NOT WORK IN IE
return false;
});
Would recommend picking random URLs from an array.Currently they're going from a "not 100% bright website" to "very much 100% bright website" and the flash in people's faces will be relatively obvious, if the other person been trying to hide websites themselves. I've heard.
The thing that still works is the back button after the redirection to Google, and you can still un-close the tab with Ctr-Shf-T which pops the Google page with back history intact. They have "cache-control: max-age=0" which probably should be changed to "cache-control: no-store". Still, the back button has the history if the user clicked links. Improvements could be:
- Recommend the usage of incognito mode.
- Blank the page immediately with "document.body.innerHTML=''" before the page replacement, as the replacement alone can have a delay and the abuser could see a glimpse of the police page. Blanking is immediate.
That's what the "document.body.style.opacity = 0;" is for. Though I agree emptying out the body is probably better.
https://www.npr.org/sections/alltechconsidered/2014/09/15/34...
It’s so prevalent it even has a name.
https://en.wikipedia.org/wiki/Stalkerware
Don’t underestimate an abusers ability to find a way.
I am 100% sure that some do, thanks to firsthand life. And any doing it, is enough to get people dead, even if 99% don't. And yes, CS majors can be abusers, too.
[0] https://www.esafety.gov.au/key-topics/domestic-family-violen...
E.g. go to govt.nz and scroll to the bottom. There's a little icon of a computer that opens a popup element inside the page.
It gives information for victims of domestic violence and abuse.
Another thing that looks awesome, from a public service perspective, the zero data (phone plan) offer. From what it sounds like you don't have to pay for data on your phone plan: https://www.govt.nz/browse/engaging-with-government/no-data-...
That is public service! Well done.
It is important to make it as easy as possible to get to the main content of the site.
This pattern is definitely better than most and it is refreshing seeing they put some resources into it. In my professional experience, organisations often chose the "a link to another site like google is fine" option to save money and time while still getting to boast about their security culture.
One thing I have not found much research on however, but would love to hear about, is the effect of these kinds of patterns on the user's speed and choice of actions and how that effects outcomes. What I mean by that is, say someone is visiting the site on their phone and an adversary walks into the room. Most people these days know the fastest way to leave a page at short notice - maybe the home button/gesture, maybe swipe to another open app. Does having a big red button that introduces a new choice help them, or add to the cognitive bandwidth needed to handle the situation?
Remember, by definition the type of situations that this component is intended to help with are going to be stressful and likely have little to no warning; the person is going to walk in the room and the user has moments to act.
What is going to lead to measurably better outcomes; a big red button that the user needs to read, understand and move their finger/hand to, or their own knowledge of their own device's most efficient escape mechanisms?
This isn't meant as a criticism of the component. I am just genuinely curious as to what the best tool to assist folks in this situation is? We are talking about real people with real fears and the possibility of very bad outcomes.
The other site someone mentioned (https://www.thetrevorproject.org/) doesn't have that issue.
This is a good idea that deserves to be across all Police, Help, Domestic Violence, 911, Suicide Hotline, etc sites across all countries.
Been there for probably decades, yet another thing mostly known to/used by "advanced" users.
So if accidentally clicking some link from some other app that auto opens the default browser it's a PITA to get FF for Android to forget about it.
A quick wipe and that didn’t happen. Works wonders.
Why don't they inform users about how to properly use private mode, which works with any website, instead of rolling their own solution, which the user has to learn just for that one website?
On top of that, informing users requires them to open up the website in the first place… leaving it in… the history.
This page serves the 0.01% most vulnerable.
Do you mean something you verified is happening or something you assumed is happening? You can go look at the site OP linked and find out what is happening and if it's a "major security issue". In this case, after user click/intervention, it renames the current history entry to "New Tab". This is not a security issue at all.
This is known and commonly used -- since 1996. What's the risk? You can't change records about other domains.
Not what I asked but I'm glad you're doing okay! I share your concerns.
If you need to hide your browsing history from an abusive partner, it would be more secure to use incognito mode and hit Alt+F4 when you need to escape. Unfortunately, Chrome renders incognito windows in dark mode by default. If you're normally on light mode, the transition is extremely conspicuous. Edge and Firefox do the same. It's as if all browser vendors have colluded to make it difficult to browse in secret.
browser.theme.dark-private-windows. Set to false, and you're set.
It's good that a police department has chosen to do this with the misfeature, but the fact that there are non-abusive applications is not an excuse.
Many of the perceived issues come from (I'll say it) corrupt judges who let out career petty criminals on a bail-less "promise to appear." Some officers report arresting the same person twice in one shift.
At least it's not TPS, where the chief likes to protect officers who commit perjury in the name of framing an innocent man for a Sergeant's suicide.