A HTTPS Everywhere replacement Topic is solved

[KrasnayaPloshchad]

I have found an extension can be used as HTTPS Everywhere replacement, and you can mentioned it at Known Incompatible Add-ons page. This is available here:

https://addons.mozilla.org/en-US/firefo ... p-nowhere/

[BenFenner]

What's wrong with Encrypted Web, the Pale Moon port of HTTPS Everywhere?
I've been using it for many months now, possibly even years, I forget.

Oh... I guess I see what the problem is. It's unsupported according to this: https://addons.palemoon.org/addon/encrypted-web/

Hmmm, seems to work fine for me on PM 27.4.2, but maybe that' s not the case? Maybe it's not working and I didn't notice...

The list of incompatible add-ons says: "(NOTE: This extension has been abandoned and will not work on Pale Moon 27 or above"
https://addons.palemoon.org/incompatible/

Maybe I am really out of it, but I could have sworn it's still working on all ~5 of my WIndows/Linux machines.

There may not be any newer version coming, but 5.1.5 shows a blue dot on the add-on page saying "This add-on directly targets Pale Moon" which you'd think should count for something...

[John connor]

I can't remember if it was HTTPS Everywhere or Encrypted Web, but when I installed it my browsing slowed down to a crawl.

[adesh]

You don't need a "HTTPS everywhere" add-on.

[wyMnNHXB]

To be honest, I would not recommend you to use HTTPS Everywhere or any of its replacements at all. It is literally pointless.

[dark_moon]

I agree with adesh & wyMnNHXB

[AberzombieAndGlitch]

Is there a reason you guys are claiming HTTPS Everywhere is both "not needed" and "literally pointless" ?

I'm obviously new to Pale Moon, coming over because I'm tired of the ugly UI changes/aping of the Chrome mind numbingly oversimplified aesthetic and such that Mozilla is foisting on users, and especially not happy with Classic Theme Restorer soon to be defunct.

Does Pale Moon already do the very thing HTTPS Everywhere does on Firefox (force an HTTPS connection on websites not configured to use it by default)?

[dark_moon]

Welcome to the forum!

The reason is simple: Most sites use already HTTPS. And important sites like bank sites, uses HTTPS by default so you dont need a addon for that.
Normal sites like simple news dont need HTTPS. Why should they? You dont enter private data on that kind of sites. Maybe a account for this site, but even their most normal sites uses HTTPS for login.

Sure, HTTPS protect you against read the traffic and its not a must for normal sites. And if you realy care about that, you can use TOR or a VPN if you want hide your traffic from your ISP.

So you see, such addon isnt needed, but it can make problems for example if the site dont work with HTTPS or have problems, then such addon enforce HTTPS and you have the problem.

[AberzombieAndGlitch]

Thank you for the welcome.

So I'm reading what you've said, and I can't help but feel the issue is too hastily dismissed. Sure, you may not need HTTPS for a site you don't log into. But for pretty much any site you have a login for (which is pretty common) having the connection be secure to prevent man in the middle is useful. Using TOR or a VPN are unnecessarily complex and/or costly for the average user. HTTPS is not. Lastly, you mention the possibility of a site not working with HTTPS or having problems. HTTPS Everywhere won't force HTTPS if the site does not support it, and (at least personally), I've never had an issue with it in the somewhat extensive time I have been using it with Firefox. Most sites work perfectly fine in HTTPS mode, if not, then they load in HTTP instead. Never had to disable to plugin for a website, but again, maybe that's just me or I've been lucky.

I understand that due to differences in code and the UA, etc. that plugins made for Firefox are unlikely to work with other browsers based on it, and I'm not trying to tell anyone what to do or that they have to support getting such a plugin to work, I just thought it kind of odd to be so casually dismissive of such simple and useful security.

[John connor]

I can tell you that with my website (listed in my sig) I use CloudFlare (a reverse proxy) and they solve mixed content by deploying HTTPS Everywhere and something else. So I had a lot of imgur pictures hosted, but non of the links started with HTTPS, but CloudFlare fixed that on page load. Now it seems imgur is hosting all of their images over TLS like they should be doing full time.

The Internet as a whole wants to go full blown HTTPS, and Lets Encrypt is helping with that and backed by big names in the Internet Biz. Albeit, I only use them for server to server communication. CloudFlare in turn issues me a Comodo Cert.


So, is HTTPS Everywhere not needed?> Perhaps. But until all websites actually deploy their sites with TLS, it may be needed to increase some privacy. You really don't need it though. In my example it works well since my site is a forum, and by that nature there will be a lot of mixed content. With CloudFlare's mixed content option I can greatly minimize mixed content and so the padlock stays locked in the browser.

[John connor]

Using TOR or a VPN are unnecessarily complex and/or costly for the average user.

They are not really. Especially Tor. All it is, is a browser after all and a VPN is just client software unless you imbed it into your router, and you really don't want a VPN connection full time as PayPal and your bank might not like it. As to Tor. You really don't want to use that to bank with, etc. You can't trust the exit node. A VPN is great with an open WIFI connection like at Starbucks. But even then, your banking site, eBay, PayPal, Amazon, etc should all support TLS using these services like a VPN or Tor. I wouldn't even THINK of using Tor with any of those websites at all. Once again, the exit node can't be trusted. I can create an exit node on say AWS and sniff all of the traffic.

[dark_moon]

The Internet as a whole wants to go full blown HTTPS, and Lets Encrypt is helping with that

Not realy.
Read viewtopic.php?p=117501#p117501

[John connor]

The Internet as a whole wants to go full blown HTTPS, and Lets Encrypt is helping with that

Not realy.
Read viewtopic.php?p=117501#p117501

That has NOTHING absolutely NOTHING to do with the fact the Internet wants to go TLS.

And some of the backers behind Lets Encrypt: https://letsencrypt.org/sponsors/

[adesh]

Off-topic:
Let's Encrypt is making security a child's play. Convenience is detrimental to security.
One important thing I learned from Cryptography course - most important type of security is trust-based security. Trust the wrong guy and you are dead!
Yes, ultimately more of the web will run on TLS but security will just be a placebo (it still is) as governments are trying to kill encryption.
For better security - educate yourself, and use your brain!

[dark_moon]

Off-topic:

That has NOTHING absolutely NOTHING to do with the fact the Internet wants to go TLS.

No, the internet doesnt want this. A normal news site dont need HTTPS

And some of the backers behind Lets Encrypt: https://letsencrypt.org/sponsors/

It doesn't matter who sponsor is. The concept isnt good. Read Moonchilds post why
Also yeah, facebook and google are sponsor- the biggest data collection companys..nice
cisco..a NSA friendly company...nice

[John connor]

I don't care about Lets Encrypt. I'm going by what I've read, and that is Google wants to see websites use TLS. End of story.

[satrow]

Just chill out, folks. Agree to disagree and do what you feel is safest/most appropriate to you.

[lyceus]

I don't care about Lets Encrypt. I'm going by what I've read, and that is Google wants to see websites use TLS. End of story.

Actually I see that you write very heated posts and since this is not a boxing ring but a tech forum. You had won yet another warning.

And if I see more angry comments here I will lock the thread, ONE TIME WARNING.

[John connor]

It's not an angry comment! I just stated about what I read. I didn't insert profanity or otherwise. Give me a break.

[AberzombieAndGlitch]

Using TOR or a VPN are unnecessarily complex and/or costly for the average user.

They are not really. Especially Tor. All it is, is a browser after all and a VPN is just client software

1) You're looking at it from your perspective, not the average user.
2) Tor is not a browser. There is a Tor browser, yes, and there are Tor plugins for browsers. But it is not "just" a browser. It does require more education to use well than just installing something. The same goes for VPNs. I work in IT. I constantly have to re-educate my users on our VPN software, how and when to use it, even the ones who have been here for 10 years or more and it's dead simple after the first time connecting. I always have to remind myself to look at things from my users less educated point of view, otherwise I assume too much and miss important details.