Integrate HTTPS Everywhere

[zekooooo]

HTTPS Everywhere is a Firefox addon by EFF which automatically redirects all HTTPS-capable websites from http:// to https://

Integrating this addon or implementing it in FF Focus/Klar would go a great way toward the security of users on public Wifi and on ISPs in authoritarian countries. It would also save already security-savvy users from having to prepend "https://" to the URL when typing in a domain manually.

[cadeyrn]

Firefox Focus has no add-on support at all so it's not possible to integrate this (or every other) add-on. And to be honest I don't think that add-on support is in scope for Firefox Focus. Firefox Focus is limited by design, Fenix is a more feature-rich browser with add-on support - and it already supports HTTPS Everywhere.

[4ut0-M-4t]

@zekooooo, you can incert user_pref("dom.security.https_only_mode", true) in your prefs.js file or create hardened user.js with the help of this guide.

[zekooooo]

@cadeyrn - Focus/Klar is at 180MB the biggest browser I have on my device. The only difference between it and other FF browsers is that it doesn't lag with JS disabled. Therefore I don't see bloat as a reason why a security feature like this shouldn't be implemented.

@4ut0-M-4t - Thanks for the suggestion! Are you sure that this is possible on Focus/Klar on an unrooted phone?

[cadeyrn]

Why did you mention me? I have nothing to do with your comment. 🤔 I didn't talk about file size or "bloat" at all. My comment was a) about the fact (!) that Focus does not support add-ons so HTTPS Everywhere can't be integrated as long as there is no add-on support and b) the conceptual differences between both browsers.

The only difference between it and other FF browsers is that it doesn't lag with JS disabled

If you really think that there are no differenes between Firefox, Firefox Preview and Firefox Focus then it's difficult to have a serious discussion about these products…

[zekooooo]

Cadeyrn sorry I thought it was normal etiquette - you said something to me and I wrote a belated response to you.

You were talking about scope and what is the programmers' intent behind Focus, Preview etc. I'm talking about what the practical differences are for a regular user like me. Non-WebView and non-GeckoView Firefox is simply too damn slow with any script blocker on old and/or non-flagship phones. Hence my extra interest in improving the security of Focus/Klar's GeckoView.

Re: addon thing, I'm aware that Focus/Klar doesn't support addons, so it can't be added like Pocket to the desktop browser. However the functionality can still be replicated by writing the code from scratch, in the worst case. Of course, it would be more work than just adding an add-on. Is there anything beyond scope as a reason why this security add-on functionality shouldn't be added to Mozilla's only fast Android web engine?

[J0WI]

Duplicate of #596

[ghost]

@zekooooo, you can incert user_pref("dom.security.https_only_mode", true) in your prefs.js file or create hardened user.js with the help of this guide.

@4ut0-M-4t Is it possible to pull and push the files using adb. This is super fascinating! Imagine using adb to tweak prefs.js/user.js!!

[lobontiumira]

Currently, in the latest Focus builds, the user has the HTTPS-Only mode available in three-dot menu - Settings - Privacy & Security - Security section. I'll close this ticket.