Read on Twitter
1/ After a very long gradual rollout, thanks to @carlosjoan91's efforts, mixed content is no longer really a thing in Chrome: any http:// subresources on https:// pages will be either upgraded to https:// or blocked. ( https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html)
2/ Breaking websites is painful for everyone, but it's a net positive to close off this vestige of a much less secure/private legacy web. I remember whiteboarding the beginnings of this effort with @mikewest in... 2017? in Munich?
3/ back in the before-times when we could travel internationally, on airplanes, to whiteboard stuff in poorly ventilated conference rooms. Ahh, good times.
4/ The hypotheses of our approach were that (a) a good portion of mixed content on the web is accidental developer error and can be fixed by transparently upgrading to https, and (b) a good portion of mixed images in particular are resources that don't really affect the UX…
5/ …of a website much (tracking pixels, small cosmetic elements, etc.). (a) turned out to be mostly true; somewhere in the neighborhood of 50% of mixed images load just fine over https.
6/ We were never able to validate (b) empirically (free research paper idea: how do you measure whether a particular subresource "matters"?), but we still think it's probably true based on the fact that we've gotten far, far fewer bug reports, complaints, etc. than what we'd…
7/ …expect for breaking something that occurs on ~1.5% of all page loads.
