Open Bug 1687722 Opened 4 years ago Updated 3 years ago

Consider enabling HTTPS-Only Mode in ETP Strict Mode

Categories

(Core :: Privacy: Anti-Tracking, task, P3)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
task

Tracking

()

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

https_only_strict_mode.png
93.00 KB, image/png
Details

We should consider enabling https-only-mode in ETPs (Enhanced Tracking Protection) strict-mode.

We could add another line after Fingerprinters that basically indicates that HTTPS-Only-Mode is enabled.

Do you mind if I move this to the Privacy component? This seems like a call for the Privacy team to make :)

Arthur, should we set something up to discuss this briefly? It feels like a good idea to me but I’d like to make sure we’re all comfortable with this. It’s definitely not easy getting a feature out of strict mode (i.e. regressing user privacy) retroactively if we end up not wanting it after all.

Component: DOM: Security → Privacy: Anti-Tracking
Flags: needinfo?(arthur)

Moving the component is totally fine. Please note that this bug is really for consideration only at this point. Consideration in a sense that we should start a discussion around putting https-only into strict mode eventually :-)

Flags: needinfo?(arthur)
Flags: needinfo?(mwalkington)

Michelle and I chatted a bit with Arthur about this already, but wanted to sum it up here so I can clear my need-info!

I recommend we take a step back and consider redesigning and reframing the privacy and security section of Preferences entirely. The current design and information architecture can't gracefully accommodate continued one-off additions— and I don't think doing so is communicating our protections in a clear and compelling way to users. At first glance, HTTPs-Only mode doesn't fit well under the "block tracking" umbrella of the current ETP section.

I recommend we revisit the broader goals for privacy and security messaging and roadmap post MR1.

Flags: needinfo?(mwalkington)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: