Opened 3 years ago

Last modified 8 months ago

#25204 new enhancement

Switch security.insecure_connection_* prefs to warn users about insecure HTTP in FF60-esr

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr, ux-team
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

These prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:

https://web.archive.org/web/20180210095051if_/https://i.stack.imgur.com/lY6e4.jpg

Child Tickets

Change History (12)

comment:1 Changed 3 years ago by cypherpunks

Keywords: ux-team added

Good idea! Putting ux-team to know what they think.

comment:2 Changed 3 years ago by cypherpunks

If enabled in the next TB stable 8.0 release this would also coincide with the time Google enables it as well, and probably Mozilla as well. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:3 Changed 2 years ago by cypherpunks

Chrome 68 will be released on: July 24th, 2018 https://www.chromium.org/developers/calendar (which will label as insecure all http by default see https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/ ) so can we get this for the next alpha as it's only a matter of flipping some prefs?

comment:4 Changed 2 years ago by ProTipGuyFWIWWeLoveARMA

It's finally the day: Today’s the day that Chrome brands plain old HTTP “not secure” https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/

Can we get this ticket done for the next alpha? :)

comment:5 Changed 20 months ago by pili

Sponsor: Sponsor27

comment:6 Changed 19 months ago by pili

Sponsor: Sponsor27

comment:7 Changed 19 months ago by cypherpunks

No feedback from the UX team on this?

comment:8 Changed 19 months ago by gk

Closing #29678 as a duplicate. For Mozilla bugs on that matter, see: comment:5:ticket:29678 and comment:6:ticket:29678.

comment:9 Changed 19 months ago by pili

Parent ID: #30037

comment:11 Changed 9 months ago by antonela

Parent ID: #30037#30025

comment:12 Changed 8 months ago by pili

Parent ID: #30025

Ticket is not tagged with sponsor and will not be done for this project

Note: See TracTickets for help on using tickets.