New issue
Advanced search Search tips

Issue 805417 link

Starred by 2 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature



Sign in to add a comment

Show an interstitial for HTTP pages

Reported by austinbo...@grcc.edu, Jan 24 2018

Issue description

PRIVACY ISSUE
HTTP exposes individuals to insecure and potentially unsafe web connections. Without SSL certificates from a trusted CA, there is no way to safely trust a website and all content. All Google Chrome/Chromium users should be prompted with a dialog informing them "The website you are visiting does not support safe connections. You may continue at your own risk. Continue / Leave"... just the same as an invalid HTTPS/SSL certificate. The deprecation of HTTP began back in 2014, we are 4 years deep and no major progress has been made. Time for drastic action. Get Mozilla on board with you and do this. IE can be unsafe if they want.

VERSION:
Chrome Version: ALL
Operating System: ALL

REPRODUCTION STEPS
Just load any non-SSL website.
 
Labels: Type-Feature
Summary: Show an interstitial for HTTP pages (was: HTTP is a security mistake)
While progress is always slower than we'd like, it's absolutely untrue that "no major progress has been made." The charts at https://transparencyreport.google.com/https/overview?hl=en provide a partial picture of the significant increase in encrypted traffic on the web, and Chrome, Firefox and Safari are all making UX changes to continue to encourage adoption. 

You can use flags to ramp up the security warnings for HTTP in Chrome today; see chrome://flags/#enable-mark-http-as in Canary or chrome://flags/#mark-non-secure-as in earlier builds.
Cc: emilyschechter@chromium.org
Status: Available (was: Untriaged)
A related idea is posed in https://bugs.chromium.org/p/chromium/issues/detail?id=845179#c4 to provide an "HTTPS-only" mode for users that want to opt-in.

Sign in to add a comment