"ClearClick" explanatory dialog box options too technical

Hammerite

"ClearClick" explanatory dialog box options too technical

Post by Hammerite »

I was just now attempting to pay for something by debit card, and had to go through the "Verified by Visa" procedure as a security measure. When I clicked on a submit button, I was presented with the "ClearClick" dialog box warning me that a page element was hidden, or something along those lines - clicking the picture indicated that it was something along the lines of hiding some scrollbars so I deduced that it was harmless. I was rather thrown by the options presented in the dialog box, though. The wording of the options was technical and the meaning of the options was not at all clear. The FAQ, which is linked to in the dialog box, explains what "clickjacking" is and how "ClearClick" aims to defeat it, but it does not explain the options given in the dialog box. The dialog box would benefit from better wording, or else another FAQ question should be added explaining what each option means.

The specific options I am talking about are:

"Keep this element locked (recommended)" - what does this mean? I am not a technical user. The second time I tried clicking on the page's submit button, I experimented by unticking this option and found that it allowed the page to function seemingly as intended.

"ClearClick protection on pages... untrusted / trusted" - what does this mean? Are you asking me whether I trust you, or the pages themselves? Why are there two tick boxes rather than just one?

The dialog could do with a button that just says "I trust this page - ignore this issue at this time".

This post might be considered a bug report or feature request, but I am posting it in this forum nevertheless because it does not require registration.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0C)
MapC

Re: "ClearClick" explanatory dialog box options too technica

Post by MapC »

Hoping to call attention to this question, to get an answer, please.

I think ClearClick is neat, and I thank you for it. But, as reflected in clearly-stated and well-documented questions, at least since early December 2010, the user interface in the dialog box should be put into user language, not program-centric jargon. (In this case, that is, "Keep this element locked" and "ClearClick protection on pages untrusted/trusted": what the heck do those mean in terms of the specific detection?). Kind of the ancient issue with software, and it's hard to understand why it exists here. What's the point of a browser-based GUI, when the options are framed in the language of the program functions and the programmer, not the user? You undermine the point of the code, if you don't fix the GUI.

Back in December, a report of the same issue, got a reply to alter program settings. Please, guys, fix the GUI - don't tell us to change code settings when we're all using a browser-based application with user interface.

So perhaps there is also a functional challenge here. While NoScript can block scripts, it could be much harder to selectively allow the variety of variable inserts to frames.

If that's the case, sorry, but I'm asking for more. What I'd like, is the same option with ClearClick, as I've got with NoScript. Apparently others share this desire. In my case, another Firefox Add-On, Adblock, is inserting a "Block" tag. ClearClick shows this extremely clearly, and I think that's great. But the ClearClick default settings prevent me from using the site, and the options provided are in jargon, so I don't know how to disable ClearClick for that detection only. I don't want to disable ClearClick globally, but the questions almost imply that. Instead, let me Allow that specific Frame alteration, and continue to use the site as I wish.

So please, in the Detection dialog box, provide an option for us to "Allow" (temporarily, for that frame-session) the specific anomaly detected, that triggered that specific ClearClick alert. ClearClick has done a brilliant job of showing us the two detected alternate states. You've made it as easy as possible, for us to see whether the alteration is an attack, or if it's innocuous. Give us an option to Allow the specific innocuous ones. We'd want ClearClick to continue to function for any other detections.

Got any answers, in users' terms, please? Thanks for your consideration, and for NoScript and ClearClick.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: "ClearClick" explanatory dialog box options too technica

Post by Giorgio Maone »

"Keep this element locked", the default, will continue preventing your interaction with the concealed or disguised element which ClearClick just detected.
Therefore, if you judge this interaction is legitimate, after having checked both the pictures (disguised and revealed), you may want to uncheck this option and you'll be able to interact with that element only (the one shown in the pictures), just until the end of the session.

The other options are more global, and respectively mean that ClearClick should be enabled or disabled on sites in NoScript's whitelist (trusted) and/or in the other sites (untrusted). By default, ClearClick is enabled on both trusted and untrusted sites, but you may decide that you just want it to work on untrusted sites, for instance.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
MapC

Re: "ClearClick" explanatory dialog box options too technica

Post by MapC »

Grazie mille, Maestro Maone. NoScript and ClearClick are awesome.
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13