Bug 1561531 Comment 46 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to Sollace from comment #44)
> Removing visual indicators that you're on a secure page are TERRIBLE for user security.
> Chrome did it, Firefox definitely SHOULD NOT.

That is not correct. It's better for user security to focus on highlighting problematic cases only. Chrome unfortunately hid both protocols which is a bit confusing, yes. Firefox aims to hide https:// (the new majority), but showing http://. [Chrome 81](https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html) will upgrade all mixed content to https. We should do it, too. (security.mixed_content.upgrade_display_content;true).
(In reply to Sollace from comment #44)
> Removing visual indicators that you're on a secure page are TERRIBLE for user security.
> Chrome did it, Firefox definitely SHOULD NOT.

That is not correct. It's better for user security to focus on highlighting problematic cases only. Chrome unfortunately hid both protocols which is a bit confusing, yes. Firefox aims to hide https:// (the new majority), but showing http://. [Chrome 81](https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html) will upgrade all mixed content to https. We should do it, too. (security.mixed_content.upgrade_display_content;true).
Edit: Filed bug 1601408.

Back to Bug 1561531 Comment 46