Closed hasux3 closed 5 years ago
beerisgood
commented
5 years ago Are you sure the add-on doesn't break websites? Also why did you say https everywhere only support popular sites? Source? It only use a database instead of try to open any sites with https like your add-on
hasux3
commented
5 years ago database is correct and i have edit that, i have try for a month this addons and don't see any problem. EFF Atlas database is not complete and many site that support https there aren't on it. it isn't possible to put all website all over the world that support https into a database!
Mikaela
commented
5 years ago How does it compare with HTTPZ which has also been requested to replace HTTPS Everywhere in https://github.com/privacytoolsIO/privacytools.io/issues/778?
hasux3
commented
5 years ago HTTPZ force to https only and don't redirect to http if site not support https and user get error. this mean with HTTPZ http site don't load at all !
Mikaela
commented
5 years ago They say the opposite:
When you are about to visit a site over HTTP, that request is aborted and a new one is started over HTTPS. If that request results in an error related to HTTPS (not just any kind of error), it is automatically redirected back to HTTP, and all subsequent requests to that host are ignored by the extension for the rest of the session (until Firefox is restarted). Since 0.6.0 this period can be customized.
atomGit
commented
5 years ago HTTPZ force to https only and don't redirect to http if site not support https and user get error. this mean with HTTPZ http site don't load at all !
absolutely not true - it falls back to http if https fails and whitelists the domain for a period of time (configurable)
HTTPZ is by far the simplest of these add-ons, it works with containers, it works with FPI enabled (others don't/may not) and there's nothing that needs to be configured - i also know the developer to be a great guy so there's no worries of any crapware making its way into this ext.
privacytoolsIO
commented
5 years ago "Like the issues with STARTTLS (vs "Implicit TLS"), a downgrade attack could be executed against browsers using Smart HTTPS to prevent them from upgrading to HTTPS; probably when it would be needed most." Source
atomGit
commented
5 years ago though i recommend HTTPZ, it too has a caveat that those considering it for inclusion in privacytools.io may want to consider...
Unlike HTTPS Everywhere, this extension doesn't take care of sub-requests triggered from HTTP-only sites. For now, it outright ignores those requests, because using the same approach with those (retrying on error) is very complicated and has significant drawbacks.
i don't know how other add-ons deal with 3rd party requests from http sites
jonaharagon
commented
5 years ago Like @BurungHantu1605 said, the possibility for downgrade attacks makes this and HTTPZ (#778) both non-recommendable IMO. It's unfortunate HTTPS Everywhere has to rely on whitelists but it's the more secure option.
hello, HTTPS Everywhere have a database of many site that should be use https but many sites there are not on their database and do not redirect to https automatically! HTTPS Everywhere work for popular site only!
smart HTTPS work for all site and do not have a seperate database, Automatically changes HTTP addresses to the secure HTTPS (for all sites), and if loading encounters error, reverts it back to HTTP.
it is good to remove HTTPS Everywhere from your site and add smart HTTPS
https://addons.mozilla.org/en-US/firefox/addon/smart-https-revived/