https-everywhere
https-everywhere copied to clipboard
EFForg
Warn users about insecure links on search engines
Type: feature request
Following up on a conversation we had in-person earlier. It would be nice if HTTPS Everywhere could warn users about insecure links on search engines that can't be upgraded. For example, we could do something like the following:
Opening this issue for discussion:
-
Should this happen in HTTP nowhere mode, or all the time?
-
We talked about checking, on the fly, whether http:// links can be upgraded. Is it OK to make the number of requests that would be required to check each link on a page full of them? Is there another way to do it (on hover, maybe, or after some kind of dialog)?
-
What's the right styling to do? Red text plus tooltip on hover? Strikethrough? Should we remove insecure links altogether in HTTP Nowhere mode?
-
Where should we do this? It's probably too dangerous to modify
a's everywhere, but we could start by covering the major search engines (e.g. Google, Bing, DDG, Disconnect).
Related to #14895.
@Hainish @jsha @sydneyli
Regarding styling: We should add a cross or strike on the logo, blind color users might misinterpret this as "S" for secure.
We should do user testing first, if we can't find alternatives to do this it should be an option disabled by default and gather feedback that way.
-
I'm not sure about how long it would take to check on the fly. I guess how we do it depends on how long it takes to do it.
-
I don't think we should remove HTTP links yet, it might cause confusion when there is missing stuff. The warning should be sufficient. It could also, as an option, be there with the warning and disabled. Hovering on the icon should the URL in case of inline links.
Would this feature need to be built separately for each major search engine? If yes: Which search engines would you consider supporting?
Should this be done with search engines' search results alone, or for any page that contains any sort of unsecure link?
