Opened 8 months ago
Last modified 3 months ago
#25204 new enhancement
Switch security.insecure_connection_* prefs to warn users about insecure HTTP in FF60-esr
| Reported by: | cypherpunks | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | ff60-esr, ux-team |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
These prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:
Child Tickets
Change History (4)
comment:1 Changed 8 months ago by
| Keywords: | ux-team added |
|---|
comment:2 Changed 8 months ago by
If enabled in the next TB stable 8.0 release this would also coincide with the time Google enables it as well, and probably Mozilla as well. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
comment:3 Changed 3 months ago by
Chrome 68 will be released on: July 24th, 2018 https://www.chromium.org/developers/calendar (which will label as insecure all http by default see https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/ ) so can we get this for the next alpha as it's only a matter of flipping some prefs?
comment:4 Changed 3 months ago by
It's finally the day: Today’s the day that Chrome brands plain old HTTP “not secure” https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/
Can we get this ticket done for the next alpha? :)
Good idea! Putting ux-team to know what they think.