by mholt 1140 days ago
For my master's thesis, I proposed replacing the security indicator with a risk indicator: "After HTTPS: Indicating Risk Instead of Security" - https://scholarsarchive.byu.edu/etd/7403/

Turns out there are lots of localized, privacy-preserving cues you can observe to determine whether a user may be at some level of risk, that don't involve a centralized blocklist or a boolean answer; and users really appreciated the "heads up".

I think a control panel like this is a good step forward after ubiquitous HTTPS. I also think user agents can do more to protect and warn users in ways that are less easily spoofed by malicious sites. Looking forward to seeing future developments!

1 comment

Microsoft Edge already does that. They show a quite prominent "Not secure" sign with an exclamation mark instead of the regular hollowed-out (aka very indistinguishable) lock icon when the connection isn't trusted HTTPS.
All browsers do this now, to varying levels of severity.

Firefox gets a padlock with a red slash through it, Chrome gets that warning icon with "Not secure", and Safari just says "Not secure".