HTTPSEverywhere 3.4.2 preferences confusingly displayed in TBB 3.0-rc-1
By default, users see:
Both checked and greyed out: "When you see a new certificate, tell the Observatory which ISP you are connected to" Both selected and greyed out: "Check certificates even if Tor is not avaialble"
Even the appearance of "Check certificates even if Tor is not available" being selected may be disconcerting to TBB users, especially since it may not be immediately obvious how to change those preferences without first enabling the Observatory. Presumably, the same users who would be concerned about the appearance of these preferences as defaults might also be hesitant to toggle "Use the Observatory."
Under advanced options, submitting and checking self-signed certificates may not be a privacy-appropriate default for Observatory users if they don't happen to check the advanced options, and defaulting to the appearance of a selected/greyed out "Check certificates using Tor for anonymity (requires Tor)" might be less confusing default for TBB users. Hiding the two options under "Use the Observatory?" until it's checked would be even better.
Trac:
Username: browserprivacy