Opened 22 months ago

Last modified 4 months ago

#25204 new enhancement

Switch security.insecure_connection_* prefs to warn users about insecure HTTP in FF60-esr

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr, ux-team
Cc: Actual Points:
Parent ID: #30037 Points:
Reviewer: Sponsor:

Description

These prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:

https://web.archive.org/web/20180210095051if_/https://i.stack.imgur.com/lY6e4.jpg

Child Tickets

Change History (10)

comment:1 Changed 22 months ago by cypherpunks

Keywords: ux-team added

Good idea! Putting ux-team to know what they think.

comment:2 Changed 22 months ago by cypherpunks

If enabled in the next TB stable 8.0 release this would also coincide with the time Google enables it as well, and probably Mozilla as well. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Last edited 22 months ago by cypherpunks (previous) (diff)

comment:3 Changed 17 months ago by cypherpunks

Chrome 68 will be released on: July 24th, 2018 https://www.chromium.org/developers/calendar (which will label as insecure all http by default see https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/ ) so can we get this for the next alpha as it's only a matter of flipping some prefs?

comment:4 Changed 17 months ago by ProTipGuyFWIWWeLoveARMA

It's finally the day: Today’s the day that Chrome brands plain old HTTP “not secure” https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/

Can we get this ticket done for the next alpha? :)

comment:5 Changed 9 months ago by pili

Sponsor: Sponsor27

comment:6 Changed 9 months ago by pili

Sponsor: Sponsor27

comment:7 Changed 9 months ago by cypherpunks

No feedback from the UX team on this?

comment:8 Changed 9 months ago by gk

Closing #29678 as a duplicate. For Mozilla bugs on that matter, see: comment:5:ticket:29678 and comment:6:ticket:29678.

comment:9 Changed 9 months ago by pili

Parent ID: #30037
Note: See TracTickets for help on using tickets.