Consider the UX/UI requirements of HTTPS by default
As part of the Collaborative ResistancE to Web Surveillance (CREWS)'s project with UCL we are going to build a prototype to understand of effectiveness of enhanced eavesdropping protection in Tor Browser.
The first phase is aimed at increasing individual resistance by offering HTTPS by default. The changes made in the prototype need to be legible, so users are aware of the implications of HTTP vs HTTPS; and provide agency, offering the option for users to proceed regardless.
In doing so we should consider the following:
Document the new user flows that will be introduced by this functionality, paying particular attention to pain-points caused by potential website breakage and/or mixed content (see this UMD study for reference) and options for error recovery.
Input into the testing plan to evaluate these changes to the prototype.