What do you Sup Forumsuys think about this?

What do you Sup Forumsuys think about this?
reddit.com/r/privacytoolsIO/comments/5qnq6j/time_to_stop_recommending_https_everywhere/

Other urls found in this thread:

pastebin.com/Ks5gJj7N
youtu.be/Kr0tTbTbmVA
twitter.com/NSFWRedditVideo

Clearly a shill, you can disable the observatory, it is neither opt in or opt out, as soon as you install the add on it asks you if you are willing to use the observatory.

on top of it all, Smart HTTPS is no longer being developed.

also, why the fuck are so many posts deleted? fucking reddit so shit.

The proposed solution is webmadters making HTTPS default. It they did that there wouldn't be a need for HTTPS everywhere in the firdr place. Typical "knowledge but no understanding" Reddit post.

>on top of it all, Smart HTTPS is no longer being developed.
that's coz the current version works well. it doesn't need lists or anything complex like that.

personally, I've had so many issues with HTTPSEveryhwere that I uninstalled it few times.

what kind of issues did you have with httpseverywhere?

broken rules. couldn't access sites because of fucking redirects and you can't disable a specific site's rule unless you're ON THE SITE and can access it through the icon. it's a catch-22.

ridiculous design.

>What do you Sup Forumsuys think about this?
I think you need to go back.

This.

In addition to that, if you put your login info on non-HTTPS page, you deserve every stole crendetial you cause with you bad online behaviour. More so if you give your credit card info, online banking credentials or social security numbers. No addon will remove the users responsibility fort his/he actions, assuming so is ignorant and stupid.

How can I implement (at least) a ghetto HTTPS Everywhere in the router? (Something that doesnt require blocking port 80 preferably).
Any ideas?

Heh. So he instead thinks the pleb will manually check if a secure version of a website is available?
How fucking cute is that?

The pleb doesn't even know what HTTPS is. The pleb will happily fill out HTTP forms. If we're happy, the pleb has "heard somewhere" that "forms that use POST are always secure, unlike GET", so he's happy.

Instead of recommending getting rid of it, try to make an alternative to HTTPS everywhere. You'll find out that figuring out whether a website supports HTTPS is not that easy at all. Some websites send different or blank output for HTTPS urls. Does that mean it's fine to redirect to them?
No? But maybe that difference is just that it mentions being secure somewhere.
Some other websites instead use secure.website.com instead of www.website.com instead. Or something else. How are you planning to tell? 50 requests to all possible variations of the URL?
This is why HTTPS everywhere uses its whitelist. It's not like this guy is the first person to notice that that maintaining a whitelist seems harder to maintain than a automatic detection - at first glance.

>reddit
fuck off, retard

>Almost everyone seems to believe that HTTPS Everywhere works by checking if a site is available over HTTPS and switching if it is.

I knew from day one that it was checking a database BECAUSE IT TELLS YOU THAT.

You can't fucking algorithmize checking for HTTPS because even when it "works" sites break and redirect to different content and so on.

>reddit

HTTPS Everywhere or Smart HTTPS?

Why though?
EFF is the organization I'd trust for privacy

Too heavy on resources.

>trusting a 3 letter organization

>why the fuck are so many posts deleted

It has been taken over by agents a long time ago, just like Sup Forums after the GG purge. Even long before then Sup Forums was controlled.

EFF is a non-profit, public-funded, non-government organization and has done more for privacy than anyone here.

They've challenged numerous anti privacy actions in court, offer awards for privacy advancement, and have created plenty of privacy software (including helping with the TOR project) for several decades.

What have you done?

so who runs this "EFF" behind the scene? whose interests he serves?

at least we know who runs government agencies and they were vetted by elected representatives

t. shill

All software is open source.
Research it yourself autist.
You're one step from thinking it's a Jewish conspiracy, I can feel it.

>eff.org
First and fourth amendment activists.
Is it so hard to believe people that value these things actually banded together, and do something other than shitpost conspiracies all day?

Holy FUD. This is something I hate about online privacy, encryption and computer security in general; there are so many people that don't know shit and who have never taken a single class in network protocols or computer security that spout nonsense on the internet acting like they know more than they do.

This kind of paranoia does more harm than good. It's the same with people who push for running weird unpatched forks of the main web browsers to escape "the botnet".

you're so fucking stupid, you think lobbyists only target governments? it's a lot easier to buy these unaccountable bureaucracies than government officials that the media are watching

WHO BOUGHT THE EFF PRESIDENT'S SON IN LAW A YACHT YOU CUNT???

t. shill

IT'S OPEN SOURCE RETARD. GO THROUGH IT IF YOU DON'T TRUST IT.

THIS IS ELECTRONIC FRONTIER FOUNDATION (AMERICA)
NOT
ECONOMIC FREEDOM FIGHTERS (AFRICA)

THEY DON'T EVEN HAVE A "PRESIDENT"

YOU ARE SO FUCKING RETARDED. WHY WOULD THE EFF OF AFRICA GIVE A FUCK OR EVEN KNOW HOW TO FIGHT US COURT DECISIONS OR CREATE PRIVACY SOFTWARE

System thinks my reply is spam (?) so heres my reply to your comment: pastebin.com/Ks5gJj7N

Well my ip is 127.0.0.1
Dox that noob

>THIS IS ELECTRONIC FRONTIER FOUNDATION (AMERICA)
>NOT
>ECONOMIC FREEDOM FIGHTERS (AFRICA)

you should view both with the same skepticism

if nothing else they must justify their own existence and do regular shakedowns of large corporations creating symbiotic relationships

you don't know what their interests are, what the founders own, how people become influential, who their relatives are, who employs those, etc

you can't deny that it's less transparent than African politics!!!

youtu.be/Kr0tTbTbmVA

>It's the same with people who push for running weird unpatched forks of the main web browsers to escape "the botnet".

Are you fucking stupid? The only way to escape Chrome and its botnet is to use its ungoogled forks.

That lag behind in security updates. Not talking about chromium here buddy, but waterfox etc.

>That lag behind in security updates

Lag is still better than having all your data logged moment by moment. If you don't want lag then feel free to contribute to Iridium, its developers have been asking for more manpower to keep it up to date for sometime.
This is exactly what's wrong here, people want security but don't want to work to get it.

Why do you hide your incompetency behind dancing niggers

I use firefox instead, turning off the telemetry. I do have auto-suggest search stuff on, but I could turn that off if I wanted to.

I just don't trust other smaller teams to be as competent and fast at fixing security issues as the big players.

It's stupid.

>Almost everyone seems to believe that HTTPS Everywhere works by checking if a site is available over HTTPS and switching if it is.
Everyone who thinks that is stupid and he's stupid for thinking people think that.

>Are webmasters really going to jump through hoops to make a ruleset for HTTPS Everywhere, when it's probably easier for them to make their site HTTPS default (and use HSTS/HPKP etc) which help everyone (not just users of a specific addon).
That's not the problem. The problem is that webmasters are stupid and many don't know or care about HPKP, or they think that HTTPS is an advanced feature that only a handful their users will need, so they make it optional. Sup Forums is a good example of both of these, so you really shouldn't agree with him if you use Sup Forums. If a webmaster knows and cares about enforcing HTTPS, of course they will deploy HPKP headers to force their users to use HTTPS. If they don't care (which is the vast majority,) then it has to be the job of an external whitelist (like the one in HTTPS Everywhere) to make that decision for them. In no case does anyone actually want to be on the HTTPS Everywhere whitelist because it's just a list of sites with retarded webmasters, so it doesn't matter if it's hard to get on the list.

Something like Smart HTTPS, which seems to check for HTTPS support automatically, does not solve the problem. Some sites almost work on HTTPS, but can have weird errors because they listen for HTTPS connections by accident and were never tested over HTTPS. The only way you can build something like this is if you have a human-curated list. Also, it seems like a great way to make every HTTP request from your browser much slower.

>non-profit, public-funded, ngo
>trustworthy
kek, I bet you're a libshit as well

>implying liberals are strong advocates for the first and fourth amendments

Just use SSL Enforcer.

Does anybody know why people still need to install an AddOn for this? Why isn't it featured in Firefox by default?