[meta] Show a negative indicator for HTTP and no indicator for HTTPS
Categories
(Firefox :: Security, enhancement, P3)
Tracking
()
People
(Reporter: tanvi, Unassigned)
Details
(Keywords: meta)
Attachments
(4 files, 1 obsolete file)
Reporter | ||
Comment 1•8 years ago
|
||
Updated•7 years ago
|
Comment 2•7 years ago
|
||
Reporter | ||
Comment 3•7 years ago
|
||
Updated•7 years ago
|
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Updated•7 years ago
|
Comment 6•7 years ago
|
||
Comment hidden (mozreview-request) |
Comment 8•7 years ago
|
||
mozreview-review |
Comment 9•7 years ago
|
||
Comment 10•7 years ago
|
||
Comment 11•7 years ago
|
||
Comment 12•7 years ago
|
||
Comment 13•7 years ago
|
||
Comment 14•7 years ago
|
||
Comment 15•7 years ago
|
||
Comment 16•7 years ago
|
||
Comment 17•7 years ago
|
||
Comment 18•7 years ago
|
||
Comment 19•7 years ago
|
||
Comment hidden (mozreview-request) |
Comment 21•7 years ago
|
||
Comment 22•7 years ago
|
||
hide mozreview-review reviewboard-spam |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment 25•7 years ago
|
||
Comment 26•7 years ago
|
||
mozreview-review |
Comment 27•7 years ago
|
||
partly-obsolete please-follow-link |
Comment hidden (mozreview-request) |
Comment 29•7 years ago
|
||
mozreview-review |
Comment 30•6 years ago
|
||
This is how I feel the security indicators should look. Top shows indicator for all HTTPS sites including EV. I feel EV text should be removed from the address bar as it conveys trust and I can list off a number of companies with terrible business practises who have EV certs. Middle shows mixed content indicator, and bottom shows negative insecure http indicator.
I think this is better solution than removing the https padlock entirely, and actually the use of colour in the three icons makes identification of the connection type pretty easy and intuitive. Also with a security indication icon showing on all sites, the information icon seems to me unnecessary (but it could still appear on FF's internal pages). This has the added benefit of simplifying the information area of the address bar nicely so that it looks neater and tidier.
Comment 31•5 years ago
|
||
(In reply to Daniel Baxter from comment #30)
Created attachment 9059775 [details]
Simple address bar security indicatorsThis is how I feel the security indicators should look. Top shows indicator for all HTTPS sites including EV. I feel EV text should be removed from the address bar as it conveys trust and I can list off a number of companies with terrible business practises who have EV certs. Middle shows mixed content indicator, and bottom shows negative insecure http indicator.
I think this is better solution than removing the https padlock entirely, and actually the use of colour in the three icons makes identification of the connection type pretty easy and intuitive. Also with a security indication icon showing on all sites, the information icon seems to me unnecessary (but it could still appear on FF's internal pages). This has the added benefit of simplifying the information area of the address bar nicely so that it looks neater and tidier.
Info icon will be removed per bug 1562881, so your suggestion will be partially implemented soon.
In terms of feature parity with Chrome, it is interesting to note that they still haven't implemented or announced the date for the warning symbol in all HTTP (though there is a flag for it) and no flag/exact plans for removing the lock icon. https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
Comment 32•3 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months.
:sgalich, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•3 years ago
|
Updated•2 years ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Description
•