I don't know how recent this change is but I noticed #Firefox removed https:// from the address bar so now every link and every website I visit looks insecure.

yv@mastodon.social

@Gargron In my case, what you describe after the update to 140 did not happen. But there are one (or two) settings relevant in the About:config screen.
I once changed the browser.urlbar.trimURL setting to "False" (as it should be ). That setting was not altered to the default "true" in my case.
That setting alters both the displaying of http:// and https:// to display it or not.

There is also the setting: browser.urlbar.trimHttps
That only focuses itself to https. 1/2

petko@social.petko.me

@Gargron do you consider this to be false? A site *can* be insecure even over HTTPS. It *is* insecure if it is over HTTP, and firefox is displaying this for me:

chapz@mastodon.online

@Gargron Secure is the default expectation. Open a http site and see how the browser behaves. I would expect a lot of clear signs, that the page is insecure without needing to see http in the address bar.

zekovski@pouet.chapril.org

@Gargron
I use the extension https everywhere.
So I get notified when a website is only http. Might help your problem.

epicdemiologist@wandering.shop

@Gargron Must have been part of the update I keep refusing; mine still shows the https. Good to know. (I'm running 137.0.2)

marcintosh@mastodon.social

@Gargron Why show the protocol at all if they’re not going to differentiate?

jon@social.vivaldi.net

@Gargron , I would have thought there is a setting for this. In @Vivaldi there is.

davidblue@mastodon.social

@Gargron almost positive showing full urls int he address bar always is a flag? it definitey is in chromium.

I get what you're saying though... I feel (and have long felt) quite strongly that there is zero reasonable case for obscuring any one part of a given url/path and the *only* result is this sort of confusion.

kimmoahokas@mastodon.social

@Gargron I think browsers started removing https indicators around 2019. Generally people don’t notice something like the padlock is missing, so they are instead going to mark it red if site is not https. As certificates have become free and something like 99% internet is https I think that makes 100% sense.

toddalstrom@mastodon.social

@Gargron But the red line through the padlock, “not secure” callout, and “http://” in the address bar is very in your face when visiting a connection that’s not secure.

ekpyroticfrood@mastodon.social

@Gargron What frustrates me most is if you select it and copy and paste it, the "http://" or "https://" is i the pasted text.
How do I copy without that? You cannot. It is bad user experience to put something in your paste buffer that you didn't highlight. (I also honestly felt it was good for users to see "https://" because it reminds people that there is a network here. It also opens the door to using other protocols without confusing people too much.)

frederik@mastodon.social

@Gargron They actually do the opposite now (just like safari did for years): encryption is now the default, and it’s showing a big warning when https is not supported

rpin42@mastodon.social

@Gargron it’s a little shield on the iOS version and I’m pretty happy with that. I’m sure I get a warning if I go to a site without a certificate too, that is http:// is notified, not https:// these days of ubiquitous encryption

pointlessone@status.pointless.one

@Gargron I dunno, it has padlock right before the domain.

3dcandy@mastodon.social

@Gargron that's because all the others do it that way now...

greatbigtable@mastodon.social

@Gargron agreed. 100%! This is a bad UI change.

satomew@mastodon.social

@Gargron Here are the relevant bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1067293 https://bugzilla.mozilla.org/show_bug.cgi?id=1850491

craniac@mastodon.social

@Gargron When you place the cursor at the left side of the url so you can pasted in "archive.is/" it mangles it now.