by talkin 791 days ago
Common misconception, but HTTPS / TLS provides a combination of guarantees, and the one cannot work without the other:

Encrypted transit but you might be talking with the hacker on the other end == worthless.

And with plaintext transit you cannot prove integrity during transit AND also not prove talking with the proper endpoint.

In short: Browser really is warning you that something is fishy. Don’t shoot the messenger.


I think his complaint is that HSTS also prevents the user from overriding it and Firefox is complying, which I agree is a bit annoying.

Complaining about no overrides is complaining about not being able to ignore quite serious symptoms.

Firefox makes you fix the root problem.

Bingo. Primarily because I don't really mind if reading this post is compromised, but at least partly because I hadn't thought through the implications of Vodafone intercepting traffic.