Opened 8 months ago

Last modified 3 months ago

#25204 new enhancement

Switch security.insecure_connection_* prefs to warn users about insecure HTTP in FF60-esr

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr, ux-team
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

These prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:

https://web.archive.org/web/20180210095051if_/https://i.stack.imgur.com/lY6e4.jpg

Child Tickets

Change History (4)

comment:1 Changed 8 months ago by cypherpunks

Keywords: ux-team added

Good idea! Putting ux-team to know what they think.

comment:2 Changed 8 months ago by cypherpunks

If enabled in the next TB stable 8.0 release this would also coincide with the time Google enables it as well, and probably Mozilla as well. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Last edited 8 months ago by cypherpunks (previous) (diff)

comment:3 Changed 3 months ago by cypherpunks

Chrome 68 will be released on: July 24th, 2018 https://www.chromium.org/developers/calendar (which will label as insecure all http by default see https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/ ) so can we get this for the next alpha as it's only a matter of flipping some prefs?

comment:4 Changed 3 months ago by ProTipGuyFWIWWeLoveARMA

It's finally the day: Today’s the day that Chrome brands plain old HTTP “not secure” https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/

Can we get this ticket done for the next alpha? :)

Note: See TracTickets for help on using tickets.