by entropyie 1254 days ago
Also, today, if your Mom visits google.com, for the first time, and the hotel blocks port 443... guess what? It will try to connect to google.com using HTTP on port 80... at which point the hotel can inject whatever they like.

In terms of UX, in my scenario, if they "really" wanted to, the browser could fake an HTTP:// scheme along with the crossed-out lock icon, effectively identical to the status quo in terms of UX, but with improved (not perfect) privacy.

2 comments

Webmasters can ensure that browsers only load their websites over port 443 by submitting their domain to the HSTS Preload List.

Surprisingly, google.com is not on this list: https://hstspreload.org/?domain=google.com
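An added example, not code from this thread: a small checker for whether a site's Strict-Transport-Security header meets the hstspreload.org submission requirements (max-age of at least one year, includeSubDomains, and preload), which is the precondition for the first-visit protection described above. The sample headers are constructed.

```python
"""Check an HSTS header against the hstspreload.org submission rules.
Added example for this thread; the sample headers below are constructed."""

ONE_YEAR = 31536000  # minimum max-age (seconds) required by hstspreload.org


def parse_hsts(header):
    """Parse an HSTS header value into {directive: value}; flag directives map to None."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        # Directive names are case-insensitive; strip optional quotes around values.
        directives[name.strip().lower()] = value.strip().strip('"') if sep else None
    return directives


def preload_problems(header):
    """Return the reasons a header would be rejected for preloading (empty list = eligible)."""
    d = parse_hsts(header)
    problems = []
    age = d.get("max-age")
    if age is None or not age.isdigit():
        problems.append("missing or malformed max-age")
    elif int(age) < ONE_YEAR:
        problems.append(f"max-age {age} is below the required {ONE_YEAR} (one year)")
    if "includesubdomains" not in d:
        problems.append("missing includeSubDomains")
    if "preload" not in d:
        problems.append("missing preload directive")
    return problems


# Constructed sample headers: a short-lived policy versus a preload-eligible one.
WEAK_HEADER = "max-age=3600"
PRELOAD_HEADER = "max-age=63072000; includeSubDomains; preload"

if __name__ == "__main__":
    for h in (WEAK_HEADER, PRELOAD_HEADER):
        print(h, "->", preload_problems(h) or "eligible for preload submission")
```

The header itself is only honoured once the browser has seen it over HTTPS; the preload list is what closes the first-visit window the comment above describes.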

I expect that to go away eventually, by browsers simply not allowing HTTP for non-local requests. This means a hotel doing this looks like one where wifi just doesn't work.