Closed Bug 1703699 Opened 4 years ago Closed 3 years ago

Consider changing title in HTTPS-Only Mode error page

Categories

(Core :: DOM: Security, task, P3)

RESOLVED FIXED
94 Branch
Tracking Status
firefox94 --- fixed

People

(Reporter: arthur, Assigned: t.yavor)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(2 files)

Right now the title for the HTTPS-Only Mode error page is "Secure Connection Not Available." This message can be confusing, because it might seem to imply that something is wrong with the user's connection to the internet, when in fact it is simply referring to the HTTPS security support of the website. (See https://twitter.com/polychronakis/status/1375455792447508482)

Possible alternatives:

  • "This Site is Not Secure" (from mt)
  • "Secure Connection to this Site Not Available"

Meridel, what do you think?

Flags: needinfo?(mwalkington)
Severity: -- → S3
Type: defect → task
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

It's true, based on past user research, that the word 'connection' can be confused for 'internet connection.' In this case, the content surrounding the current headline (above and below) does help clarify that we are talking about an HTTPS-Only issue (a feature the user opted into so I think we can make some assumption that the user has more knowledge than the average person about the issue at hand).

I don't think the proposed alternatives are more helpful:
"This Site is Not Secure"— is it true that the site itself is not secure? I didn't think this was accurate—the issue is still about the connection from Firefox to the site. This version also makes the level of risk seem much higher. Since non-HTTPS sites are still fairly common I would hesitate to up the warning level unless PM feels we should.
"Secure Connection to this Site Not Available"— Could still be misinterpreted as being an issue with the internet connection.

I propose we do something more specific and streamlined. Please see proposal here: https://docs.google.com/presentation/d/1RXy1fojmIPXWte9O1GF4v2aiP6uKAdpp96emKQWMdv0/edit#slide=id.gd0e51c7358_0_0

Flags: needinfo?(mwalkington) → needinfo?(arthur)
Assignee: nobody → lyavor
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog1] → [domsecurity-active]

Arthur signed off on a new header and a new string for the "what could be causing this" section. See this screenshot — changes highlighted in green.

Emily, I don't think there are legal concerns with these changes but please let me know. The "Current" is the version you previously signed off on.

Flags: needinfo?(emily)

After some more discussion, and previous feedback from PM, we should keep the sub-header (HTTPS-Only Mode Alert), which makes it clear the user is seeing this warning because they opted into HTTPS-Only mode.

We only need to change one word to address the issue Arthur raised:

Current header: Secure Connection Not Available
New header: Secure Site Not Available

Flags: needinfo?(ckerschb)

(In reply to Meridel [:meridel] from comment #5)

> New header: Secure Site Not Available

The patch is r+ed now and I guess we are now waiting for sign off from Emily, then we could go ahead and get that landed. Emily, any objections?

Flags: needinfo?(ckerschb)
Flags: needinfo?(arthuredelstein)

This is fine - thanks!

Flags: needinfo?(emily)
Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/c985110bb4b5
Consider changing title in HTTPS-Only Mode error page. r=ckerschb,fluent-reviewers,flod
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch