Opened 12 months ago
Last modified 6 months ago
#25204 new enhancement
Switch security.insecure_connection_* prefs to warn users about insecure HTTP in FF60-esr
| Reported by: | cypherpunks | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | ff60-esr, ux-team |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
These prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:
Child Tickets
Change History (4)
comment:1 Changed 12 months ago by
| Keywords: | ux-team added |
|---|
comment:2 Changed 11 months ago by
If enabled in the next TB stable 8.0 release this would also coincide with the time Google enables it as well, and probably Mozilla as well. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
comment:3 Changed 7 months ago by
Chrome 68 will be released on: July 24th, 2018 https://www.chromium.org/developers/calendar (which will label as insecure all http by default see https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/ ) so can we get this for the next alpha as it's only a matter of flipping some prefs?
comment:4 Changed 6 months ago by
It's finally the day: Today’s the day that Chrome brands plain old HTTP “not secure” https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/
Can we get this ticket done for the next alpha? :)
Good idea! Putting ux-team to know what they think.