"What's the alternative? There is no difference on the wire between a self-signed certificate for a site that simply doesn't care about certificates, and a self-signed certificate that is the sole marker of an attacker having hijacked the TLS connection of a site that very much does care about its security. A MITM attack looks identical on the wire to a self-signed cert."
How about adding another signal? It sounds like you're arguing with the sea, expecting normals to change.
Use the recent https-only header that says "if you ever see an insecure connection to this site, it's a bug", and pre-populate the list.
Stop assuming that users will eventually get it, and design a better product.
How does HSTS (the "https-only header") help with self-signed certificates? HSTS doesn't mean "this site won't work if its certificate is self-signed".
It doesn't matter. The ONLY thing HSTS does is tell the browser to make future requests over HTTPS. If an HSTS site switches to a self-signed cert between my visits, the browser will still warn me, because the new cert is suspicious.
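The HSTS behaviour the thread is arguing about, as an added example that is not code from any of the commenters: a toy policy store that does the two things RFC 6797 actually specifies, rewriting http:// requests to https:// for known hosts (section 8.3) and turning a certificate error on a known host into a hard failure with no click-through (section 8.4), while leaving certificate validation itself as a separate decision. The `preload` list stands in for the pre-populated list mentioned above; hosts, URLs and times are constructed.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_sts(header):
    """Strict-Transport-Security value -> (max_age, include_subdomains), or None if no max-age."""
    max_age, include_sub = None, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class HstsStore:
    """Known-HSTS-host list; `preload` are hosts baked in before any visit."""

    def __init__(self, preload=()):
        self.policies = {h: (float("inf"), True) for h in preload}  # host -> (expiry, subdomains)

    def observe(self, host, header, over_tls, now):
        """Record a policy. RFC 6797 section 8.1: a header seen over plain HTTP is ignored."""
        parsed = parse_sts(header) if over_tls else None
        if parsed is None:
            return False
        max_age, include_sub = parsed
        if max_age == 0:
            self.policies.pop(host, None)  # max-age=0 revokes the policy
        else:
            self.policies[host] = (now + max_age, include_sub)
        return True

    def is_known(self, host, now):
        """True if host (or a parent with includeSubDomains) has an unexpired policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now):
        """The one thing HSTS does to requests: http:// -> https:// for known hosts."""
        p = urlsplit(url)
        if p.scheme != "http" or not self.is_known(p.hostname or "", now):
            return url
        return urlunsplit(("https", p.netloc, p.path, p.query, p.fragment))

    def on_cert_error(self, host, now):
        # Validation already failed; HSTS only decides whether the user may click through.
        return "hard-fail" if self.is_known(host, now) else "warn"  # RFC 6797 section 8.4
```

A policy learned over TLS is what makes the later plain-http request get upgraded; the same list is what removes the bypass button when the certificate check fails.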