🆕 Software Suggestion | smart HTTPS addons is better than HTTPS Everywhere #810
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#810
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
hello, HTTPS Everywhere have a database of many site that should be use https but many sites there are not on their database and do not redirect to https automatically! HTTPS Everywhere work for popular site only!
smart HTTPS work for all site and do not have a seperate database, Automatically changes HTTP addresses to the secure HTTPS (for all sites), and if loading encounters error, reverts it back to HTTP.
it is good to remove HTTPS Everywhere from your site and add smart HTTPS
https://addons.mozilla.org/en-US/firefox/addon/smart-https-revived/
Are you sure the add-on doesn't break websites?
Also why did you say https everywhere only support popular sites? Source? It only use a database instead of try to open any sites with https like your add-on
database is correct and i have edit that,
i have try for a month this addons and don't see any problem.
EFF Atlas database is not complete and many site that support https there aren't on it.
it isn't possible to put all website all over the world that support https into a database!
How does it compare with HTTPZ which has also been requested to replace HTTPS Everywhere in https://github.com/privacytoolsIO/privacytools.io/issues/778?
HTTPZ force to https only and don't redirect to http if site not support https and user get error. this mean with HTTPZ http site don't load at all !
They say the opposite:
absolutely not true - it falls back to http if https fails and whitelists the domain for a period of time (configurable)
HTTPZ is by far the simplest of these add-ons, it works with containers, it works with FPI enabled (others don't/may not) and there's nothing that needs to be configured - i also know the developer to be a great guy so there's no worries of any crapware making its way into this ext.
"Like the issues with STARTTLS (vs "Implicit TLS"), a downgrade attack could be executed against browsers using Smart HTTPS to prevent them from upgrading to HTTPS; probably when it would be needed most." Source
though i recommend HTTPZ, it too has a caveat that those considering it for inclusion in privacytools.io may want to consider...
i don't know how other add-ons deal with 3rd party requests from http sites
Like @BurungHantu1605 said, the possibility for downgrade attacks makes this and HTTPZ (#778) both non-recommendable IMO. It's unfortunate HTTPS Everywhere has to rely on whitelists but it's the more secure option.