Rendered at 19:42:51 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
quirino 18 hours ago [-]
The gov.uk Design System calls this the "Exit a page quickly" pattern [1], with an associated component [2]. It can be activated by clicking the Shift key three times.
There's this nice blog [3] that explains why they chose Shift instead of other keys, and also gives a nice overview of the pattern.
> As a result of advertising people being bastards,
The gov.uk Design Team are a treasure.
gib444 10 hours ago [-]
> That blog entry is a delight to read!
The whole blog is! I do enjoy the furry, aro-ace, agender, otherkin, machinekin and plural-system subcultures.
greengreengrass 8 hours ago [-]
Seeing the level of thought that went into user experience design, research, and arguing for the _right_ page to redirect to is such a delight.
Engineering (as with so many professions) is about so much more than just shipping features as quickly as possible, and it pleases me when I see fellow engineers taking care and showing thorough consideration over the potential impact of their design decisions on people from all walks of life and circumstances.
pdpi 11 hours ago [-]
I'm surprised that the blog doesn't mention what, to me, is the most obvious reason not use Esc — because it's conspicuous as all hell! If somebody's at risk and wants to hide what they're doing, their abuser seeing them repeatedly hit Esc just screams "I'm trying to hide something".
therein 16 hours ago [-]
>It can be activated by clicking the Shift key three times.
Windows Sticky Keys entered the room.
ldoughty 10 hours ago [-]
The blog[0] explains their choices well. The brief highlights:
- Escape is simply unusable.
- Alt alone leaves the viewport and goes to menu, making further keypresses unregistered
- control is inconsistently placed on keyboards (e.g. laptops) which they don't say directly in the blog, makes extra sense if you recall it suggests not using devices the abuser might be admin/monitoring (public devices, friend devices, etc). It also is highly selected by other assistive technology products just like sticky keys.
They also recognized the issue... And tested it against JAWS and using it with on-screen keyboards
Note: this is the same link as in the grandparent post
wongarsu 8 hours ago [-]
That only activates when pressing shift five times. Which is admittedly likely when trying to press it three times in a panic
But having a stray sticky keys window open is not too conspicuous
bonesss 8 hours ago [-]
The sticky-keys window often comes with a sharp notification screech.
lostlogin 16 hours ago [-]
Hilarious memories of hitting this when playing Return to Castle Wolfenstein.
brookst 15 hours ago [-]
For some reason I tap shift when thinking. Sticky Keys is my bane.
ninalanyon 12 hours ago [-]
You can turn it off.
brookst 6 hours ago [-]
Yes but you have to remember to turn it off later, when you’re not concentrating hard.
RALaBarge 9 hours ago [-]
Right, but it will get re-enabled on updates or something...it never stayed off for me.
throw1234567891 9 hours ago [-]
Write yourself a script and run it on log in.
taskforcegemini 12 hours ago [-]
but where would be the fun in that
butlike 15 hours ago [-]
Was this a shared memory, specifically with regard to Sticky Keys and Return to Castle Wolfenstein? I thought it was a unique problem with me and my friends lol
lostlogin 14 hours ago [-]
It was pure comedy when someone hit it mid-engagement.
And then the spamming of the communication that would follow.
Those pre-canned German voices were so great.
tauntz 12 hours ago [-]
RTCW:ET and sticky keys!
xeyownt 15 hours ago [-]
This is nice but how, as a user, do you learn it exists?
ronsor 13 hours ago [-]
They do explain this:
> Interruption page
> Create a page to explain Exit this page to users.
> You must show this page after the start point of your service, but before the page where the user will see the Exit this page button for the first time.
> On longer services, you might need more than one interruption page.
12 hours ago [-]
dheera 16 hours ago [-]
[flagged]
danielrmay 16 hours ago [-]
Asylum-seekers, domestic abuse victims, sex trafficking victims, indentured servitude and modern slavery, etc. Access to guidance on government websites represents a way out of society's most dangerous situations for vulnerable people, and getting caught browsing the wrong help article can be risky. Automated intelligent surveillance isn't outside of the realms of the imagination, either, which is troubling
stingo1 16 hours ago [-]
I suppose it's more for people trapped in abusive relationships
infinite_spin 16 hours ago [-]
yeah, this is like calling 911 and ordering a pizza, the goal is for a victim of abuse to hide their intentions from their abuser
ghostpepper 16 hours ago [-]
I believe this is also why 911 doesn't show up in iOS/Android call logs
staplers 15 hours ago [-]
That and they dont want butt dialing 911 to be easy
sublinear 15 hours ago [-]
Quickly press the power button 5 times if you have an android phone and see what happens. This has got to be the absolutely worst idea ever and it's enabled by default!
OJFord 13 hours ago [-]
It asks you in first-time set up if you want it. 'Yes' might be the default selected option, but it's not like opting out requires you knowing about it and going looking for it.
sublinear 2 hours ago [-]
Do you really have faith this would be disabled by choice if you tried it on a random android phone? If they haven't already disabled it in rage after finding it on accident, I'm pretty sure that person would be terrified upon you making them aware. The first-time setup process isn't consistent across devices and never will be.
You can try to argue this down and reason about it all you want, but it's still a bad default regardless of how it's presented to the user. It's also bad design because it conflicts with similar defaults such as the shortcut to open the camera (press power button twice), silencing an incoming call (press once), etc. People may also press multiple times when the phone seems unresponsive.
You'd expect the resurgence of bad defaults to be motivated by marketing or something, but this one is just outright stupidity.
There's a part of me that is fairly convinced this was added as an afterthought after much internal whining by someone at google with a checklist insisting that android must support some easily accessible emergency feature. This was then deliberately chosen to make the feature look bad, and the users are victims of office politics.
mplewis 15 hours ago [-]
There are many reasons you would be on the police's website if you're in any kind of danger
Titan2189 19 hours ago [-]
Some New Zealand Government / Business sites have a Javascript-based pop-up available called Shielded Site https://shielded.co.nz/
> If you are experiencing family violence, don't worry, the information within this pop-up won't appear in your browser's history.
Pages like Banks or Council websites have it in their footer, so people can lookup information without it appearing in their history
phillipseamore 19 hours ago [-]
(a class="quickBrowserEscape ..." target="_blank" href="https://www.google.ca/") Need to leave site for your safety? Quick Escape
$('.quickBrowserEscape').on('click', function () {
document.body.style.opacity = 0;
document.title = 'New Tab';
window.open('https://www.weather.gc.ca/canada_e.html', '_blank');
window.location.replace($('.quickBrowserEscape').attr('href')); // removes current page session DOES NOT WORK IN IE
return false;
});
Would recommend picking random URLs from an array.
embedding-shape 12 hours ago [-]
Best would be if they took care to match the overall brightness of the page they redirect to.
Currently they're going from a "not 100% bright website" to "very much 100% bright website" and the flash in people's faces will be relatively obvious, if the other person been trying to hide websites themselves. I've heard.
18 hours ago [-]
shakna 16 hours ago [-]
This would also leave intact cookies, local/session storage, indexeddb, caches. All of which abusers do actually check, when controlling their victims.
otherme123 13 hours ago [-]
A quick check shows that they don't store anything as cookies or any other browser storage.
The thing that still works is the back button after the redirection to Google, and you can still un-close the tab with Ctr-Shf-T which pops the Google page with back history intact. They have "cache-control: max-age=0" which probably should be changed to "cache-control: no-store". Still, the back button has the history if the user clicked links. Improvements could be:
- Recommend the usage of incognito mode.
- Blank the page immediately with "document.body.innerHTML=''" before the page replacement, as the replacement alone can have a delay and the abuser could see a glimpse of the police page. Blanking is immediate.
jorams 10 hours ago [-]
> Blank the page immediately with "document.body.innerHTML=''" before the page replacement
That's what the "document.body.style.opacity = 0;" is for. Though I agree emptying out the body is probably better.
make3 14 hours ago [-]
I'm sure 99% don't? Unless your abuser is a CS major
shakna 13 hours ago [-]
Have fun exploring the list of things we've caught abusers actually using. [0] Or don't. Reading and keeping your soul intact aren't compatible.
I am 100% sure that some do, thanks to firsthand life. And any doing it, is enough to get people dead, even if 99% don't. And yes, CS majors can be abusers, too.
Don’t underestimate an abuser’s ability to find a way.
alexpotato 7 hours ago [-]
PSA:
If you ever call 911 and order a pizza, many of the dispatchers are trained to recognize that as "I am in danger and I need an officer to come to the house immediately. The person threatening me can hear this conversation."
It works b/c it gives you a plausible reason to give your address to someone over the phone and they can give you an ETA which is also plausible of "the pizza guy will be here in 20 minutes" etc.
CarlJW 19 hours ago [-]
In New Zealand we have a Shielded Site popup at the bottom of all government websites, and many popular privately owned websites too.
E.g. go to govt.nz and scroll to the bottom. There's a little icon of a computer that opens a popup element inside the page.
It gives information for victims of domestic violence and abuse.
tom1337890 16 hours ago [-]
Thank You for that. The popup, the monitor icon, being implemented as an iframe popup seems actually effective against browser history and cookies, sessisons, etc. I guess much better then Vancouver PD implementation.
Agreed. If the content isn't really designed for the wide world, the www hostname seems to be self-defeating, or at least describing the wrong thing.
Cub3 17 hours ago [-]
This is amazingly pedantic, I love it.
vasco 13 hours ago [-]
So how do you agree? You're saying the opposite they said.
jagged-chisel 10 hours ago [-]
Whether the former forwards to the latter, or the latter to the former is not the important part.
It is important to make it as easy as possible to get to the main content of the site.
ceejayoz 18 hours ago [-]
NASA.gov for many years lacked a no-www version. IIRC it had something to do with the no-www being important internally at the time.
dd8601fn 17 hours ago [-]
It’s been a very long time, but as I recall MS recommendations for AD domains and dns collisions changed multiple times. Used to be real problems if you had overlap.
b112 9 hours ago [-]
These days, browsers absurdly try things like adding www. if you don't have it, and there's no open port. Same for http -> https.
This is doubly an issue, as browsers think hiding the http and www is super cool.
So in modern times, you'd never know if the non www was borked or not. It'd just seem slower, especially with a packet drop.
Ideally, you'd want to know there's an issue, not mask it. For example, by updating your bookmark, instead of saying "this site is slow every time".
I wonder of we'll just stop selling forks, because expecting users to learn a tool is verboden. In truth, it is the ridiculous change to tools for no reason which is the issue. Redesigning the UI almost yearly, moving menu items, changing menu item names, and other absurdities. Apparently this is all sensible, whilst expecting the user to know https vs http, and www is absolutely bonkers, and we must help and protect them from this horrible weight of knowledge.
tjpnz 17 hours ago [-]
Stuff has it too.
skoskie 4 hours ago [-]
I built something similar at https://ictsos.org, which is a human trafficking nonprofit.
But in testing, I found that history deletion was not possible everywhere. I opted to open a new tab with a harmless google search, so that the history would not exist in that tab. Meanwhile, the original tab is also redirected to a new page.
I'm going to investigate what the UK site did to look for any potential improvements I can make.
tanbog100 17 hours ago [-]
I've implemented quick exit/escape buttons for a few organisations over the years and have spent a bit of time thinking about the limitations.
This pattern is definitely better than most and it is refreshing seeing they put some resources into it. In my professional experience, organisations often chose the "a link to another site like google is fine" option to save money and time while still getting to boast about their security culture.
One thing I have not found much research on however, but would love to hear about, is the effect of these kinds of patterns on the user's speed and choice of actions and how that effects outcomes. What I mean by that is, say someone is visiting the site on their phone and an adversary walks into the room. Most people these days know the fastest way to leave a page at short notice - maybe the home button/gesture, maybe swipe to another open app. Does having a big red button that introduces a new choice help them, or add to the cognitive bandwidth needed to handle the situation?
Remember, by definition the type of situations that this component is intended to help with are going to be stressful and likely have little to no warning; the person is going to walk in the room and the user has moments to act.
What is going to lead to measurably better outcomes; a big red button that the user needs to read, understand and move their finger/hand to, or their own knowledge of their own device's most efficient escape mechanisms?
This isn't meant as a criticism of the component. I am just genuinely curious as to what the best tool to assist folks in this situation is? We are talking about real people with real fears and the possibility of very bad outcomes.
dinkelberg 11 hours ago [-]
It doesn't seem to work in Safari on iPhone correctly. When I click on the Back button (from weather.gc.ca), it goes back to the Vancouver PD site. Therefore I do not think that it is built well.
This feature could be potentially be activated whenever the page is hidden (eg. by pressing the home button), although it would be very annoying for regular users.
vasco 13 hours ago [-]
Indeed this is mostly performative by the police because the user would switch apps, turn off the phone screen, or any other easier way as you describe.
hluska 6 hours ago [-]
So it works on desktop but it’s performative? I understand that it’s cool to be anti-police now but that’s some really strange reasoning.
transitorykris 19 hours ago [-]
Brilliant feature, well done Vancouver PD. A very serious boss mode. Lotus 1-2-3 wouldn't look quite right here but weather.ca is plausible.
When I was a little kid I was playing a DOS submarine game which had a Boss Key.
All I knew was the button makes it quit the game so my 6 year old interpretation was that it must be something you press when you get to the final boss and are too scared?
One day I played for an hour straight trying to get to the boss part of the game but it never came.
analog31 17 hours ago [-]
Amusingly, I just noticed that alt-spacebar-n doesn't hide a window in Ubuntu.
lostlogin 16 hours ago [-]
Bullies can’t use Linux, that’s for the bullied.
specproc 12 hours ago [-]
I came here for the boss key
mondobe 18 hours ago [-]
The Trevor Project (LGBTQ support/suicide prevention site) has the same thing, triggered by a hotkey (press ESC three times). https://www.thetrevorproject.org/
Sidio 14 hours ago [-]
Great execution
sunnybeetroot 8 hours ago [-]
Reminds me of the Australian domestic violence website. It also has an app that quick escapes to a weather app.
While this is a great idea that no-doubt does help some people, beware this doesn't clean up all traces in the browser, and private/incognito is better at not keeping a history.
For example, there is a favicon cache in firefox.
If you query favicons.sqlite in your profile directory:
select * from moz_pages_w_icons order by id desc limit 10;
Then you can see a recent history that isn't cleared up when you just clear history like this.
9 hours ago [-]
defrost 19 hours ago [-]
Raises the question of whether browsers should have a [Replace Page, Erase Domain from History] button and hotkey.
This is a good idea that deserves to be across all Police, Help, Domestic Violence, 911, Suicide Hotline, etc sites across all countries.
homebrewer 19 hours ago [-]
Firefox already has "forget this site", which removes all traces of you ever visiting the site, but it's only available from the history modal.
Been there for probably decades, yet another thing mostly known to/used by "advanced" users.
Springtime 18 hours ago [-]
What's weird is with Firefox for Android it's so difficult erasing a site from being remembered. Once visited, in my experience, even after deleting the history entry and last closed tabs item it still auto completes the domain in the addressbar (when it didn't before) and the only workaround is a full history wipe (since the Android version offers no granular timeframe like the desktop version).
So if accidentally clicking some link from some other app that auto opens the default browser it's a PITA to get FF for Android to forget about it.
iwontberude 17 hours ago [-]
Android is a wasteland, not surprised
hyperhello 18 hours ago [-]
A website can wipe itself from history? That seems like a major security issue.
jerbearito 18 hours ago [-]
"That seems like a major security issue."
Do you mean something you verified is happening or something you assumed is happening? You can go look at the site OP linked and find out what is happening and if it's a "major security issue". In this case, after user click/intervention, it renames the current history entry to "New Tab". This is not a security issue at all.
hyperhello 18 hours ago [-]
Well, it’s right there in the headline that the website wipes itself from history, so I don’t need any realignment of my ability to discern what I’ve read from what I’ve imagined. If all the site is doing is renaming itself New Tab then that sure isn’t newsworthy. Maybe a domestic violence reporting site should just name itself something innocuous in general without the quick escape? But nonetheless, a web site replacing its own history entry with something from another domain sure doesn’t sound secure.
xdkaplan 17 hours ago [-]
Not to start an argument but in lamence terms, renaming history to "New Tab" is as close to wiping history as a website can manage. Concealing, obfuscating, hiding might have been better words but the non technucal audience would not see an issue with the language. Nuance is important, though and i agree its slightly misleading
hyperhello 17 hours ago [-]
I just tested it on both iPhone and Android and it does indeed remove itself from history and replaces with a link to a weather domain. That’s incredible that it is allowed and I can trivially think of a way to get someone to get to a fake banking site right now, or for that matter, fill the history with a series of visits to domestic violence sites or even worse!
This is known and commonly used -- since 1996. What's the risk? You can't change records about other domains.
hyperhello 17 hours ago [-]
I knew about history.replace but I had no idea you could cross sites. Suppose a site, for example, leaves a trail of Amazon Shopping, and curious, you go to it to recall what you did, but it’s Amaz0n instead.
post-it 17 hours ago [-]
Well there's no need to suppose. While I think if it hasn't been exploited in 30 years, there probably isn't an attack surface, you can always demonstrate and report an exploit.
hilariously 12 hours ago [-]
I dont think its highly exploitable, but you could get people in trouble - have them visit innocuous website during a vulnerable time window, spray a bunch of adult websites into their history, report them to the boss, future visits do not inject history items.
16 hours ago [-]
aaron695 10 hours ago [-]
[dead]
100721 17 hours ago [-]
What does “lamence” mean?
caymanjim 16 hours ago [-]
It's an eggcorn for "layman's".
chopin 4 hours ago [-]
What does eggcorn mean?
hyperhello 1 hours ago [-]
That's a typo.
caymanjim 24 minutes ago [-]
It's not a typo. Although it's really more of a routine malapropism than an eggcorn, since it's nonsensical.
> Not to start an argument but in lamence terms, renaming history to "New Tab" is as close to wiping history as a website can manage.
"I did my best" is no excuse for this critical failure to deliver as advertised.
This fail is a horrifying abuse facilitator.
17 hours ago [-]
17 hours ago [-]
17 hours ago [-]
jerbearito 17 hours ago [-]
"so I don’t need any realignment of my ability to discern what I’ve read from what I’ve imagined"
Not what I asked but I'm glad you're doing okay! I share your concerns.
albeebe1 19 hours ago [-]
reminds me of boss mode in leisure suit larry 1
marking-time 18 hours ago [-]
That is an old reference. I bow to the senior geek.
hoherd 18 hours ago [-]
lemmings.exe also had an immediate quit without warning on the esc key, iirc.
lioeters 17 hours ago [-]
I think SimCity Classic had a similar feature.
17 hours ago [-]
zippyman55 18 hours ago [-]
Respect!
accountrequired 18 hours ago [-]
sdf commode too :)
runtime_lens 13 hours ago [-]
I like that this treats as a UX problem not just a technical one.
The challenge is making sure people know the feature exists before they need it. An escape mechanism isn't very useful if you only discover it after you're already in a stressful situation.
IdiotSavage 13 hours ago [-]
Isn't this exactly why browsers implemented "private mode"?
Why don't they inform users about how to properly use private mode, which works with any website, instead of rolling their own solution, which the user has to learn just for that one website?
gouggoug 13 hours ago [-]
Because most users aren’t computer savvy and victims in a hurry probably don’t have time for a lesson.
On top of that, informing users requires them to open up the website in the first place… leaving it in… the history.
RevEng 13 hours ago [-]
Private mode assumes you choose in advance. If you are suddenly approached, you can trigger the quick exit without any prior planning and it can be done inconspicuously.
simonjgreen 13 hours ago [-]
They could be in a situation where that’s not available such as a child’s phone with parental controls or a managed work device that has it locked out.
8organicbits 4 hours ago [-]
Does this actually remove from history? The feature says escape, but the back button and history still show the page (Firefox on Android).
daniel-smid 11 hours ago [-]
Smart use of history-wiping and the Shift-three-times pattern from gov.uk shows how thoughtful UX can protect at-risk users. Small details, big safety impact.
roysting 11 hours ago [-]
I guess gov.uk is in fact the expert at history wiping patterns, especially when it comes to mass gang based violation of thousands of young girls from broken homes that they are complicit in the abuse of for decades.
A quick wipe and that didn’t happen. Works wonders.
IgorPartola 9 hours ago [-]
https://sbaproject.org/ has the same thing. Sometimes visiting a website can have very real and very violent consequences. Thankfully these folks know what they are doing.
jmward01 17 hours ago [-]
Reminds me of the boss key in a lot of 80's games.
tacodestroyer 18 hours ago [-]
this is awesome. i had a similar idea for a women's shelter but this approach is 1000% better and less complicated than mine. bravo!
pwdisswordfishq 11 hours ago [-]
Isn't that what "incognito mode" is for? Why should random websites have the capability to wipe themselves from history?
FabCH 11 hours ago [-]
Because people who need help from the police and have to hide their tracks might not be completely technically literate. Or indeed fully literate at all.
This page serves the 0.01% most vulnerable.
JensRantil 9 hours ago [-]
This type of button is very common on websites for women of domestic abuse.
torgeros 6 hours ago [-]
Yeah and it crashes my browser xDDD
Cider9986 17 hours ago [-]
It doesn't wipe from history on Vanadium GrapheneOS (likely same on Android Chrome). It does change its icon to Google and open Google and weather websites.
mxfh 9 hours ago [-]
Just hope this does not get flagged as spam by google and demotes useful sites, so they are not found to begin with, which would make this useful feature a net negative.
Because same methods can also used by bad actors for deceptive and spammy actions and we are not allowed to have nice things ever.
Therefore Google has something against messing with browser navigation state back button behavior and history such actions usually got demoted in rankings.
I think it's also fine for all sort of marginal and ephemeral actions that should not spam the browser history, like panning over a map or how far you scrolled down a page, but want to end up back there on reload and shares possibly.
It only replaces the current page, and VPD is not a single-page app. So if you've been clicking around to find something, the previous pages will still be in your history.
If you need to hide your browsing history from an abusive partner, it would be more secure to use incognito mode and hit Alt+F4 when you need to escape. Unfortunately, Chrome renders incognito windows in dark mode by default. If you're normally on light mode, the transition is extremely conspicuous. Edge and Firefox do the same. It's as if all browser vendors have colluded to make it difficult to browse in secret.
xp84 16 hours ago [-]
Not enough people know this: in Chrome and Edge, making a Guest window is usually more useful than Incognito. You do it from the profile menu. It’s a throwaway profile, without the various weird special-case behaviors (including the ones websites can detect) that “incognito” has. When you close it, it’s all discarded anyway.
CM30 18 hours ago [-]
Apparently Firefox has a config option to disable this:
browser.theme.dark-private-windows. Set to false, and you're set.
kijin 16 hours ago [-]
Thanks for the tip, but the usual open-source "you can change it" argument doesn't work in this case. People who like to control other people will interpret any deviation from the expected behavior as an attempt to hide something from them. If you change the defaults, those defaults can no longer serve as your alibi. All the more reason to ship secure defaults!
vhcr 18 hours ago [-]
Maybe just use an incognito window?
1123581321 16 hours ago [-]
It’s pretty easy to catch someone fumbling with incognito if you can suddenly enter a room. (Not that it wouldn’t also be easy to catch someone clicking this button.)
tangenter 16 hours ago [-]
Aye, the world we live in.
SSLy 12 hours ago [-]
the favicon isn't removed
aembleton 10 hours ago [-]
It is in Firefox. Which browser are you using?
SSLy 4 hours ago [-]
Indeed Firefox
19 hours ago [-]
protocolture 18 hours ago [-]
But when the Vancouver PD are beating you up, you wont have time to load the page to locate the quick escape button.
jamal-kumar 18 hours ago [-]
That's funny, right before this I was just reading about how some idiot I knew from back in the day beat the shit out of some stranger on the SkyTrain for his headphones. Maybe it's time to realize how fucked Vancouver is and that the cops aren't the problem
afavour 17 hours ago [-]
In 2025 Vancouver had the lowest violent crime rate in 23 years. Not that there’s no crime of course but I don’t see that it really constitutes Vancouver being “fucked”.
lfx 17 hours ago [-]
Not all crimes are reported in Vancouver. But agree is not as bad as some paints.
brailsafe 14 hours ago [-]
Vancouver is fucked in many ways but general safety is not one of them. Quality of life is quite good if one can afford.
10 hours ago [-]
12 hours ago [-]
8 hours ago [-]
jojobas 18 hours ago [-]
The site (vpd.ca) remains in history, just with the name replaced with "New Tab", which the script does just before redirecting. I would be very upset if browsers allowed sites to mess with history.
Hizonner 17 hours ago [-]
Not a bad idea, except that *WEB PAGES SHOULD HAVE NEITHER ANY ACCESS TO NOR ANY CONTROL OVER THE HISTORY, PERIOD, AND SOMEBODY NEEDS TO BEAT THE MORONS RESPONSIBLE FOR THIS "WEB PLATFORM" BULLSHIT SENSELESS*.
It's good that a police department has chosen to do this with the misfeature, but the fact that there are non-abusive applications is not an excuse.
zuzululu 18 hours ago [-]
its too bad they do very little fighting actual crime same with montreal pd probably two least effective and disliked departments in all of canada
SpecialistK 18 hours ago [-]
Any large city's PD is going to be controversial. From the experience of people close to me who work with police, the VPD are better run and have more programs like Car 33 than the RCMP in neighbouring jurisdictions.
Many of the perceived issues come from (I'll say it) corrupt judges who let out career petty criminals on a bail-less "promise to appear." Some officers report arresting the same person twice in one shift.
At least it's not TPS, where the chief likes to protect officers who commit perjury in the name of framing an innocent man for a Sergeant's suicide.
rangestransform 18 hours ago [-]
VPD has become notably more controversial after Jim Chu stepped down, before that it was notable how professional they were for a North American police department
SpecialistK 18 hours ago [-]
A lot of the first hand experiences I've heard were from around Chu's tenure, so I can't refute that.
There's this nice blog [3] that explains why they chose Shift instead of other keys, and also gives a nice overview of the pattern.
[1] https://design-system.service.gov.uk/patterns/exit-a-page-qu... [2] https://design-system.service.gov.uk/components/exit-this-pa... [3] https://beeps.website/blog/2024-10-09-why-govuk-exit-this-pa...
> As a result of advertising people being bastards,
The gov.uk Design Team are a treasure.
The whole blog is! I do enjoy the furry, aro-ace, agender, otherkin, machinekin and plural-system subcultures.
Engineering (as with so many professions) is about so much more than just shipping features as quickly as possible, and it pleases me when I see fellow engineers taking care and showing thorough consideration over the potential impact of their design decisions on people from all walks of life and circumstances.
Windows Sticky Keys entered the room.
- Escape is simply unusable.
- Alt alone leaves the viewport and goes to menu, making further keypresses unregistered
- control is inconsistently placed on keyboards (e.g. laptops) which they don't say directly in the blog, makes extra sense if you recall it suggests not using devices the abuser might be admin/monitoring (public devices, friend devices, etc). It also is highly selected by other assistive technology products just like sticky keys.
They also recognized the issue... And tested it against JAWS and using it with on-screen keyboards
Seems they were very thorough.
0: https://beeps.website/blog/2024-10-09-why-govuk-exit-this-pa...
Note: this is the same link as in the grandparent post
But having a stray sticky keys window open is not too conspicuous
And then the spamming of the communication that would follow.
Those pre-canned German voices were so great.
> Interruption page
> Create a page to explain Exit this page to users.
> You must show this page after the start point of your service, but before the page where the user will see the Exit this page button for the first time.
> On longer services, you might need more than one interruption page.
You can try to argue this down and reason about it all you want, but it's still a bad default regardless of how it's presented to the user. It's also bad design because it conflicts with similar defaults such as the shortcut to open the camera (press power button twice), silencing an incoming call (press once), etc. People may also press multiple times when the phone seems unresponsive.
You'd expect the resurgence of bad defaults to be motivated by marketing or something, but this one is just outright stupidity.
There's a part of me that is fairly convinced this was added as an afterthought after much internal whining by someone at google with a checklist insisting that android must support some easily accessible emergency feature. This was then deliberately chosen to make the feature look bad, and the users are victims of office politics.
> If you are experiencing family violence, don't worry, the information within this pop-up won't appear in your browser's history.
Pages like Banks or Council websites have it in their footer, so people can lookup information without it appearing in their history
Currently they're going from a "not 100% bright website" to "very much 100% bright website" and the flash in people's faces will be relatively obvious, if the other person been trying to hide websites themselves. I've heard.
The thing that still works is the back button after the redirection to Google, and you can still un-close the tab with Ctr-Shf-T which pops the Google page with back history intact. They have "cache-control: max-age=0" which probably should be changed to "cache-control: no-store". Still, the back button has the history if the user clicked links. Improvements could be:
- Recommend the usage of incognito mode.
- Blank the page immediately with "document.body.innerHTML=''" before the page replacement, as the replacement alone can have a delay and the abuser could see a glimpse of the police page. Blanking is immediate.
That's what the "document.body.style.opacity = 0;" is for. Though I agree emptying out the body is probably better.
I am 100% sure that some do, thanks to firsthand life. And any doing it, is enough to get people dead, even if 99% don't. And yes, CS majors can be abusers, too.
[0] https://www.esafety.gov.au/key-topics/domestic-family-violen...
https://www.npr.org/sections/alltechconsidered/2014/09/15/34...
It’s so prevalent it even has a name.
https://en.wikipedia.org/wiki/Stalkerware
Don’t underestimate an abuser’s ability to find a way.
If you ever call 911 and order a pizza, many of the dispatchers are trained to recognize that as "I am in danger and I need an officer to come to the house immediately. The person threatening me can hear this conversation."
It works b/c it gives you a plausible reason to give your address to someone over the phone and they can give you an ETA which is also plausible of "the pizza guy will be here in 20 minutes" etc.
E.g. go to govt.nz and scroll to the bottom. There's a little icon of a computer that opens a popup element inside the page.
It gives information for victims of domestic violence and abuse.
Another thing that looks awesome, from a public service perspective, the zero data (phone plan) offer. From what it sounds like you don't have to pay for data on your phone plan: https://www.govt.nz/browse/engaging-with-government/no-data-...
That is public service! Well done.
It is important to make it as easy as possible to get to the main content of the site.
This is doubly an issue, as browsers think hiding the http and www is super cool.
So in modern times, you'd never know if the non www was borked or not. It'd just seem slower, especially with a packet drop.
Ideally, you'd want to know there's an issue, not mask it. For example, by updating your bookmark, instead of saying "this site is slow every time".
I wonder of we'll just stop selling forks, because expecting users to learn a tool is verboden. In truth, it is the ridiculous change to tools for no reason which is the issue. Redesigning the UI almost yearly, moving menu items, changing menu item names, and other absurdities. Apparently this is all sensible, whilst expecting the user to know https vs http, and www is absolutely bonkers, and we must help and protect them from this horrible weight of knowledge.
But in testing, I found that history deletion was not possible everywhere. I opted to open a new tab with a harmless google search, so that the history would not exist in that tab. Meanwhile, the original tab is also redirected to a new page.
I'm going to investigate what the UK site did to look for any potential improvements I can make.
This pattern is definitely better than most and it is refreshing seeing they put some resources into it. In my professional experience, organisations often chose the "a link to another site like google is fine" option to save money and time while still getting to boast about their security culture.
One thing I have not found much research on however, but would love to hear about, is the effect of these kinds of patterns on the user's speed and choice of actions and how that effects outcomes. What I mean by that is, say someone is visiting the site on their phone and an adversary walks into the room. Most people these days know the fastest way to leave a page at short notice - maybe the home button/gesture, maybe swipe to another open app. Does having a big red button that introduces a new choice help them, or add to the cognitive bandwidth needed to handle the situation?
Remember, by definition the type of situations that this component is intended to help with are going to be stressful and likely have little to no warning; the person is going to walk in the room and the user has moments to act.
What is going to lead to measurably better outcomes; a big red button that the user needs to read, understand and move their finger/hand to, or their own knowledge of their own device's most efficient escape mechanisms?
This isn't meant as a criticism of the component. I am just genuinely curious as to what the best tool to assist folks in this situation is? We are talking about real people with real fears and the possibility of very bad outcomes.
The other site someone mentioned (https://www.thetrevorproject.org/) doesn't have that issue.
All I knew was the button makes it quit the game so my 6 year old interpretation was that it must be something you press when you get to the final boss and are too scared?
One day I played for an hour straight trying to get to the boss part of the game but it never came.
https://1800respect.org.au/sunny
For example, there is a favicon cache in firefox.
If you query favicons.sqlite in your profile directory:
Then you can see a recent history that isn't cleared up when you just clear history like this.This is a good idea that deserves to be across all Police, Help, Domestic Violence, 911, Suicide Hotline, etc sites across all countries.
Been there for probably decades, yet another thing mostly known to/used by "advanced" users.
So if accidentally clicking some link from some other app that auto opens the default browser it's a PITA to get FF for Android to forget about it.
Do you mean something you verified is happening or something you assumed is happening? You can go look at the site OP linked and find out what is happening and if it's a "major security issue". In this case, after user click/intervention, it renames the current history entry to "New Tab". This is not a security issue at all.
This is known and commonly used -- since 1996. What's the risk? You can't change records about other domains.
https://en.wikipedia.org/wiki/Eggcorn
"I did my best" is no excuse for this critical failure to deliver as advertised.
This fail is a horrifying abuse facilitator.
Not what I asked but I'm glad you're doing okay! I share your concerns.
Why don't they inform users about how to properly use private mode, which works with any website, instead of rolling their own solution, which the user has to learn just for that one website?
On top of that, informing users requires them to open up the website in the first place… leaving it in… the history.
A quick wipe and that didn’t happen. Works wonders.
This page serves the 0.01% most vulnerable.
Because same methods can also used by bad actors for deceptive and spammy actions and we are not allowed to have nice things ever.
Therefore Google has something against messing with browser navigation state back button behavior and history such actions usually got demoted in rankings.
I think it's also fine for all sort of marginal and ephemeral actions that should not spam the browser history, like panning over a map or how far you scrolled down a page, but want to end up back there on reload and shares possibly.
https://developers.google.com/search/blog/2026/04/back-butto...
If you need to hide your browsing history from an abusive partner, it would be more secure to use incognito mode and hit Alt+F4 when you need to escape. Unfortunately, Chrome renders incognito windows in dark mode by default. If you're normally on light mode, the transition is extremely conspicuous. Edge and Firefox do the same. It's as if all browser vendors have colluded to make it difficult to browse in secret.
browser.theme.dark-private-windows. Set to false, and you're set.
It's good that a police department has chosen to do this with the misfeature, but the fact that there are non-abusive applications is not an excuse.
Many of the perceived issues come from (I'll say it) corrupt judges who let out career petty criminals on a bail-less "promise to appear." Some officers report arresting the same person twice in one shift.
At least it's not TPS, where the chief likes to protect officers who commit perjury in the name of framing an innocent man for a Sergeant's suicide.