Forum Moderators: Robert Charlton & goodroi

Google Proposes Chrome Browser Marks HTTP Site it Shows as Non Secure

         

engine

12:30 pm on Dec 17, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Well, what do you think of the proposal? How would your site fare if it shows as non-secure? This would be especially bad for sites that do retain good security.

Perhaps we should define "security."


We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015.

Google Proposing Marking HTTP Sites as non Secure [chromium.org]


Roughly speaking, there are three basic transport layer security states for web origins:

  • Secure (valid HTTPS, other origins like (*, localhost, *));

  • Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and

  • Non-secure (broken HTTPS, HTTP).



  • Further clarification:

  • Google intends to change Chrome Browser to mark "HTTP" URLs whose page is being shown as "not secure" (think opposite of https green bar)

  • Google also proposes that other User Agents (translated: other browsers such as FF, IE, Safari, etc.) consider doing the same:
    UA vendors who agree with this proposal should decide how best to phase in the UX changes given the needs of their users and their product design constraints.

    [edited by: aakk9999 at 11:19 pm (utc) on Dec 17, 2014]
    [edit reason] Added clarification [/edit]

    EditorialGuy

    5:10 pm on Dec 26, 2014 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



    My Firefox already does this for some sites and at times makes me jump through hoops to get to where I want to be which I know is 100% safe.

    Is this similar to what Google is proposing?


    No, but the proposal (which is very general at this point) offers a lot of leeway to UX vendors. For example, one browser might make users jump through hoops, while another might simply have a "This site doesn't use a secure protocol" warning label in the address bar.

    Also, everyone seems to have missed this line in the proposal:

    "Ultimately, we can even imagine a long term in which secure origins are so widely deployed that we can leave them unmarked (as HTTP is today), and mark only the rare non-secure origins."

    netmeg

    6:56 pm on Dec 26, 2014 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



    Does anyone else have this with Firefox and have gotten so used to clicking "continue" that it may as well not be there?


    Not FF, and I use it a lot, but I have seen it with various Anti Virus and Internet Security programs. Do you have any of those installed?

    Wilburforce

    7:36 pm on Dec 26, 2014 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



    Does anyone else have this with Firefox


    Yes - see my earlier post - on https pages with non-secure content (and as lucy24 put it, "Just how secure does a stylesheet have to be?!"), but not on normal http pages.

    Implementation of this on all pages with the current number and proportion of non-https sites will in my view make Google look silly and users quit Chrome much faster than it will induce all http site-owners to pay for certification.

    Possibly Chrome will merely do what FF is doing already, but the proposal clearly states "Marking HTTP Sites as non-secure", so I doubt it.

    Would the next step be to insist that all sites install Google scripts, so they can go on tracking what we do?

    RedBar

    4:15 pm on Dec 27, 2014 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



    on https pages with non-secure content


    Aha, this is definitely where I'm experiencing it, just went there and got this message in FF:

    This Connection is Untrusted

    You have asked Firefox to connect securely to example.com, but we can't confirm that your connection is secure.

    Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

    What Should I Do?

    If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

    Get me out of here!

    Technical Details

    I Understand the Risks



    That would surely scare the crap out of anyone not knowing where they were going and what they were doing?

    lucy24

    8:15 pm on Dec 27, 2014 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



    The last time I got a "non-secure" warning,* I stopped to read the fine print before clicking the "Yeah, yeah, go ahead" button. Turns out it wasn't explicitly saying the site was non-secure, only that the certificate was issued by an unknown source. So that's where using an older browser makes a difference: their list of certificate-granting agencies is no longer updated.


    * A new robot's UA string included a link to an HTTPS page. Why a webmaster-information page has to be HTTPS-- the site as a whole isn't-- is anyone's guess. Yup, I checked: if you request HTTP they redirect.

    wruppert

    6:59 pm on Jan 6, 2015 (gmt 0)

    10+ Year Member



    I run a completely informational site. My original feelings were as negative as most people here. Then I read about Comcast injecting javascript ads into pages. That alone was enough to change my mind.