Why tho? How tight should my foilhat be about this, why would it suddenly need this permission?
Why tho? How tight should my foilhat be about this, why would it suddenly need this permission?
Gabriel Kelly
Michael Thomas
It always needed this permission.
Samuel Wilson
Michael Evans
this
/thread
Chase Carter
this piece of shit uses more ram than 4 youtube tabs
Matthew Perry
Serious and perhaps stupid question: Why is this shit so resource intensive? What more does it need to do other than to add an 's' to each request?
Jose Wood
Look at OP pic, retard. It is a recent update(this week)
Christopher Phillips
Try Smart HTTPS, it does just that.
HTTPS Everywhere uses an actual list of known websites that work with https.
Gavin Bailey
No it fucking didn't, I saw this too.
Isaac Evans
Oliver Russell
Because it maintains and parses an actual list of HTTPS websites. It's actual honest-to-god awful programming.
Jack Thompson
What are the essential safety add-ons to use? All I have is HTTPS Everywhere and Ublock Origin
Daniel Roberts
It always needed this permission, to rewrite HTTP links on the page to HTTPS. So does every similar extension.
HTTPS Everywhere recently added FTP support, which triggered this warning because Firefox confusingly includes FTP servers in their definition of "All websites'. One of the devs discusses it here:
>github.com
Those two are essential. I'm also a fan of Decentraleyes and Multi-Account Containers. There's also one that blocks canvas fingerprinting, if I remember correctly.
Logan Allen
containers are a part of ff itself, temporary containers are the real thing
Zachary Young
is it too hard to press letter s?
Ryder Barnes
why are you using that dumb thing? smart https is much better
Liam Rivera
It's always needed the permission, it was a bug that caused that dialog window to pop up.
No it doesn't lol
Ryan Kelly
smart https is useless, anyone can MITM you by blocking the https request
Alexander Bennett
Firefox has no GUI to manage containers out of the box. That's what Multi-Account Containers does.
I can see the use case for temporary containers, but I just use private browsing for that. I use containers to separate the login cookies of my different identities.
Jackson Reyes
What? And you can use whitelists or blacklists. More options that https everywhere doesnt give you.
Ayden Moore
µMatrix as well
Angel Jenkins
private browsing doesn't isolate everything per domain
Nathaniel Richardson
>visit example.com
>smart https requests example.com
>mitm hacker guy blocks your request
>smart https downgrades connection to example.com because it thinks example.com doesn't support https
>mitm hacker guy can now read your data
now you could add example.com to the blacklist (which as far as i understand forces https and prevents connection downgrading). but you would have to do that for every site that supports https. guess what https everywhere does? it maintains that list for you. and it does more than just appending https, e.g. if example.com is only accessible via https by going to secure.example.com, it will rewrite your requests.
Jason Martin
You're retarded. This isn't even an issue if you know what you're doing. It's most likely not an issue if you don't even know what you're doing.
And smart https always forces https so your last point is not an advantage.
Using a list is retarded. You trust they will add every domain and new domain for sites people visit?
Michael Howard
if it always forces https it will break every website that doesn't support https. you are retarded.
Jack Anderson
Are you pretending to be retarded? Try learning how it works before commenting nonsense.
Luis Peterson
i already explained how it works and how it is susceptible to downgrade attacks in
Grayson Lopez
This is true for any connection that isnt encrypted. The same could happen with https everywhere. Https would actually be more susceptible because it has a limited number of sites to force https.
Charles Martinez
*https everywhere would be more susceptible
Ethan Jones
a connection that isn't encrypted doesn't need to be downgraded to be spied on since everything is in plain text already.
i don't think you understand what a downgrade attack is.
unlike smart https, https everywhere won't switch to http if a site doesn't respond via https.
Liam Perez
>unlike smart https, https everywhere won't switch to http if a site doesn't respond via https.
So it wont connect to the site at all without any option to allow it? Also see upgrade-insecure-requests. This will block http requests and only allow https if enabled.
Landon Scott
> So it wont connect to the site at all without any option to allow it?
it will not connect to a site that is known to support https (that is a site that is in https everywhere's rule list). instead you will get an error. it won't silently fall back to http. of course you can disable the rule for the site in question if you know what you are doing.
upgrade-insecure-requests tells the browser to load all content on the site using https, even it is referenced with http. this is mainly useful if a site operator activated encrypted on a site but rewriting all content references to use https would be to much of a hassle. it will get rid of mix content warnings in browsers, but it won't help with the initial request.
Jack Bell
smart https > https everywhere
Michael Moore
thank you for this valuable input
Angel Moore
Agreed
William Clark
smart https sucks and is laggy af
Alexander Mitchell
Why does s/http/https/g need these permissions? And why does it waste so much RAM? Are there extensions that do only this and nothing more?
Blake Williams
Noah James
Does this even matter? Aren't both FF and chrome going to soon be defaulting to https?