tycrek/degoogle

[REMOVE] HTTPS Everywhere

mfwmyfacewhen opened this issue · 5 comments

Alternative name

HTTPS Everywhere

Reason

HTTPS Everywhere is going to be deprecated after 2022. Firefox and Chrome already support HTTPS-Only modes.

This should definitely not yet be removed until it's actually inoperable. There are no other extensions supporting mixed content rulesets! This allows many sites to be forced to use HTTPS except on known broken domains; even some of Google's own domains need to have these rulesets to maintain full functionality.

What happens on browsers with https-only mode is they will display a warning saying "are you sure you want to go to the http site", click here to bypass.

That way they avoid enumeration of badness by simply not having a rule set, so yes, https-everywhere definitely should be removed as it has been superseded by better options. Also it's unmaintained upstream.

That warning does not work for mixed content on separate domains since the browser doesn't modify CSP in the same way the extension does (that was the reason to the best of my memory). The extension will be sunset in 2023, but in the meantime it's still being maintained, as are the rulesets, so why remove it? At least replace it with how to turn on HTTPS-only mode: https://www.eff.org/https-everywhere/set-https-default-your-browser.

tycrek commented

Reopening for now until I check the status of HTTPS Everywhere

tycrek commented

HTTPS Everywhere is to be removed.