Switch security.insecure_connection_* prefs to warn users about insecure HTTP in FF60-esr

[cypherpunks]

These prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:

[cypherpunks]

Good idea! Putting ux-team to know what they think.

[cypherpunks]

If enabled in the next TB stable 8.0 release this would also coincide with the time Google enables it as well, and probably Mozilla as well. ​https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

[cypherpunks]

Chrome 68 will be released on: July 24th, 2018 ​https://www.chromium.org/developers/calendar (which will label as insecure all http by default see ​https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/ ) so can we get this for the next alpha as it's only a matter of flipping some prefs?

[ProTipGuyFWIWWeLoveARMA]

It's finally the day: Today’s the day that Chrome brands plain old HTTP “not secure” ​https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/

Can we get this ticket done for the next alpha? :)

[cypherpunks]

No feedback from the UX team on this?

[gk]

Closing #29678 as a duplicate. For Mozilla bugs on that matter, see: comment:5:ticket:29678 and comment:6:ticket:29678.

[cypherpunks]

Backport ​https://bugzilla.mozilla.org/show_bug.cgi?id=1562881

[pili]

Ticket is not tagged with sponsor and will not be done for this project