Consider the UX/UI requirements of HTTPS by default
As part of the Collaborative ResistancE to Web Surveillance (CREWS) project with UCL, we are going to build a prototype to understand the effectiveness of enhanced eavesdropping protection in Tor Browser.
The first phase is aimed at increasing individual resistance by offering HTTPS by default. The changes made in the prototype need to be legible, so users are aware of the implications of HTTP vs HTTPS; and provide agency, offering the option for users to proceed regardless.
In doing so we should consider the following:
- Document the new user flows that will be introduced by this functionality, paying particular attention to pain-points caused by potential website breakage and/or mixed content (see this UMD study for reference) and options for error recovery.
- Review Firefox's UI for HTTPS Only Mode [Option 1], HTTPS Everywhere's EASE-Mode [Option 2], Tor Browser's per-site settings and modify or provide new UI where appropriate.
- Update `about:preferences` if necessary, and consider @antonela's proposal to tie HTTPS-Only Mode to a particular safety level.
- Input into the testing plan to evaluate these changes to the prototype.