"Insecure connection" icon display for non-HTTPS non-onion sites
+pref("security.insecure_connection_icon.enabled", true);Activity
FYI: there's also a text option, and don't conflict with the PB mode only prefs: i.e I know TB always opens in PB mode (by default), but I have no idea what happens if you have both icon prefs as true, that in a normal window, the icon will appear.
/* display "insecure" icon and "Not Secure" text on HTTP sites ***/ user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] user_pref("security.insecure_connection_text.enabled", true); // [FF60+] // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [FF59+] private windows only // user_pref("security.insecure_connection_text.pbmode.enabled", true); // [FF60+] private windows onlyThey don't have malicious exit nodes? Hah.
("This work is part of the preparation for moving to a completely HTTPS web, the idea being that in the near future insecure sites will be specially indicated, rather than secure sites." https://groups.google.com/forum/#!topic/mozilla.dev.platform/xaGffxAM-hs/discussion)
-
FYI? There is no information. Useless data only.
Seriously? See #25660 (moved) , proposed by Arthur, where it is entirely conceivable that at some stage Tor Browser might flip the switch on the current position of starting in PB mode (because quite frankly almost all if not everything disabled in PB mode can also be done with prefs, and sanitizing each New Identity is not affected, but there may be a couple of things that need to be looked at, and the benefits IMO are worth it, but that's a discussion for elsewhere - even if right now gk seems to think its a wontfix).
Now imagine if in the meantime, Mozilla decide to turn on the pb mode only warnings, and this migrates to the Tor Browser. Now you'll find that your solution doesn't work. It pays to look at the code and understand that another pref influences the one you listed
Additionally, the text prefs were added since they are also an option for gk et al to consider
https://groups.google.com/forum/#!topic/mozilla.dev.platform/xaGffxAM-hs/discussion%5B1-25%5D
That's an almost four year old discussion. The upstream bug for the pref is https://bugzilla.mozilla.org/show_bug.cgi?id=1310447 (no need to provide the text one since its the same stuff, just one release later). Comment 59, currently the last one, says that "Chrome will be showing "Not Secure" for HTTP websites, starting in Chrome 68 (July 2018)" ... so I personally think that Mozilla have forgotten about this, and could be reminded to enable it, so it's handled upstream and would no longer need to be "patched" at this end once ESR68 is used - of course, flip the pref in the meantime.
Here: https://bugzilla.mozilla.org/show_bug.cgi?id=1434626 (FF60+) it was enabled for Nightly only - and after that a quick search reveals nothing. So I definitely think that Nightly test should be over and a decision made.
https://bugzilla.mozilla.org/show_bug.cgi?id=1310842 is another patch relevant here, but development seems to be stalled, too.
Trac:
Summary: "Insecure connection" icon display for non-HTTPS sites to "Insecure connection" icon display for non-HTTPS/non-onion sites-
Replying to cypherpunks:
No patch is required (as you've already patched TBB ;) ).
Summary has been corrected to reflect the current behavior in TBB.
You mean if I enable those preferences AND I visit a non-https .onion those warning indicators are not shown?
Replying to gk:
Replying to cypherpunks:
No patch is required (as you've already patched TBB ;) ).
Summary has been corrected to reflect the current behavior in TBB.
You mean if I enable those preferences AND I visit a non-https .onion those warning indicators are not shown? What those prefs? Don't read FUD, Georg ;)
This ticket has a one-liner that does exactly what you ask for.
-
FWIW, this is a duplicate of #25204 (moved).
Trac:
Resolution: N/A to fixed
Status: new to closed