Always Use HTTPS Extension ?

Page 1 of 2 12 LastLast

  1. mike888
    Posts : 241
    Windows 10
       New #1

    Always Use HTTPS Extension ?


    Hello, I used to use HTTPS Everywhere extension but the developer has discontinued support for it and it is no longer on my computer.

    I have been unable to find a suitable alternative extension. There was one that I saw and it said there were 14 reviews but when I looked further their were NO reviews .

    I have tried to enable the Microsoft experimental flag edge://flags/#edge-automatic-https which adds a further line in the privacy,search and services section of the browser. However when I try and enable it in the settings I get a red circle with a diagonal line down it. So that was no use.

    I have a relative who gets me to do searches for them for hotels and so far in one day I have stumbled on sites with no secure connection ie: http and my browser with Kaspersky free makes no attempt to block them which "HTTPS Everywhere" did. Can anyone offer a solution for me. Thanks.
      My Computer
    Quote Quote

  3. Malneb
    Posts : 1,211
    Windows 10
       New #2

    Some websites don't support HTTPS, if you are not entering any data into these sorts of sites then its not that harmful.
      My Computer
    Quote Quote

  4. User2468
    Posts : 295
    Windows 10 Pro
       New #3

    HTTPS or a TLS encrypted connection just encrypts your connection to the website. It has ABSOLUTELY NOTHING to do with the security of a website. ANYONE can install a Lets Encrypt Cert or whatever on a website...

    I'm afraid HTTPS Everywhere while good for what it did provides a false sense of security to those that don't know the technology.

    Plus, I can bet my bottom dollar the TLS implementation is broken or there are back doors. Also, your anti-virus is a man in the middle so your precious encrypted connection to that website is intercepted by your anti-virus software. It's how it works and why I stopped using anti-virus software years ago. I now use Sandboxie classic for my browser and scan ALL downloads at VirusTotal. The general consensus is four hits and you toss. But it depends on what you have there...

    In a nutshell, I have my own websites and it was super easy to install TLS certificates. Anyone could do it.

    On the other hand, Firefox et al should block non HTTPS connections by default where you have to click advanced and manually say, "yes, I trust this website. Which is full on retarded (Did the Aircraft just call me RETARD?! - YouTube) it's not even funny. Browsers today are a massive joke. So is the CEO of Mozilla. And Google can kiss my fat... well, just kiss it. LOL!
      My Computer
    Quote Quote

  6. Malneb
    Posts : 1,211
    Windows 10
       New #4

    Well that is what they are supposed to do is have the right certificate. I am not sure how that is a misconception because that is how it works.
    HTTPS is SSL encryption over a connection so yes it is security focused that is the whole point.

    This forum has HTTPS even though it does not really need it, well it may do for back end reasons but as a user it does not warrant it. Now if you are going to the bank then yeah you would want them to have HTTPS for example.

    The hotel stuff in your cases OP maybe not an issue unless you are using credentials there like payment or something.
      My Computer
    Quote Quote

  7. TairikuOkami
    Posts : 5,452
    Windows 11 Home
       New #5

    Chrome enables it by default now and it will be mandatory soon, Edge will follow, you can just wait a few weeks.

    Google Chrome now auto-upgrades to secure connections for all users

    I have not used http for several years, I even block ports 80/53 in the firewall for security/privacy reasons.
    Any webpage that does not have https, should not even exist, it is obsolete. It cost nothing to use https.

    mike888 said:
    I have tried to enable the Microsoft experimental flag edge://flags/#edge-automatic-https which adds a further line in the privacy,search and services section of the browser. However when I try and enable it in the settings I get a red circle with a diagonal line down it. So that was no use.
    You can force it by policy:
    Code:
    rem Automatically switch to more secure connections with Automatic HTTPS / 0 - Disabled / 1 - Switch to supported domains / 2 - Always
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AutomaticHttpsDefault" /t REG_DWORD /d "2" /f
    Attached Thumbnails Attached Thumbnails Always Use HTTPS Extension ?-capture_10312023_124032.jpg  
      My Computer
    Quote Quote

  8. Malneb
    Posts : 1,211
    Windows 10
       New #6

    I think HTTP is still ok depending on the websites purpose like a benign website that is just displaying some raw html or basic css for multimedia purposes might not need to have HTTPS or a locally hosted web front end or database does not need it either.

    i guess it depends on context, what you are doing and how you are online even, if you are on shared internet or public internet with other that are not trusted then you most certainly want to be using HTTPS compatible websites.

    i guess also side note HTTPS has been around since Netscape made by them actually and its only really made a dominate shift to priority standard in the last several years i guess because you can get certs for free or low cost depending on scale these days. Having some condition on that matter.
      My Computer
    Quote Quote

  9. Callender
    Posts : 6,853
    22H2 64 Bit Pro
       New #7

    mike888 said:
    I have tried to enable the Microsoft experimental flag edge://flags/#edge-automatic-https which adds a further line in the privacy,search and services section of the browser. However when I try and enable it in the settings I get a red circle with a diagonal line down it. So that was no use.
    I get the same. If Edge says "Managed by your organization" at the top of the settings page that option won't be available.

    So I've applied some tweaks, including disable DOH and can't enable that setting either.

    I want to keep the tweaks/ applied policies so here's an alternative.

    Force HTTPS for all traffic - Chrome Web Store

    With Force Https enabled:

    Always Use HTTPS Extension ?-ssl2.jpg

    With Force Https disabled for the same site:

    Always Use HTTPS Extension ?-ssl1.jpg

    So forcing https might break some content on some sites in which case you'd need to disable the extension when visiting the problem site.
      My Computer
    Quote Quote

  10. User2468
    Posts : 295
    Windows 10 Pro
       New #8

    1) Blocking port 80 is stupid. Especially if you need access to an API that doesn't use TLS. Blocking port 53 is stupid.

    2) It's not SSL. It's TLS.

    3) This website (as well as mine) uses TLS to help guard against exposing the username and password input...

    4) Websites DO NOT need to use TLS. That is just a push by Google.

    5) They made it easy to use TLS because it's backed by big tech such as Facebook, Google, et al. So???

    6) TLS has never been audited to my knowledge and is probably a massive false sense of security.

    7) DOH is a false sense of security. You want DOT. But again, big tech calls the shots.
      My Computer
    Quote Quote

  12. mike888
    Posts : 241
    Windows 10
    Thread Starter
       New #9

    Original poster here.
    On some of my machines that use chromium I still have "HTTPS Everywhere" installed.
    Is their any way of copying the extension file details to another similar chrome browser ?
    Thanks.
      My Computer
    Quote Quote

  13. User2468
    Posts : 295
    Windows 10 Pro
       New #10

    How to Find Your Chrome Profile Folder on Windows, Mac, and Linux
      My Computer
    Quote Quote

 

  Related Discussions
DNS over https (DoH) not working?
in Network and Sharing

I thought that native DoH was working all this while after an update for Win10 but that doesn't seem to be the case on my PC (Win10 pro 19044.1766). I followed the instructions on website but it didn't work. I don't see the "encrypted" option on...
I use the extension as per title of this post. I received an automatic URL today Set Up HTTPS by Default in Your Browser | Electronic Frontier Foundation but HTTPS cannot be enabled by default in Microsoft Edge withoput messing in browser flags...
firefox and https
in Browsers and Email

have the latest firefox installed but https web pages do not work on even the latest insider update. doesn't work desktop comp which is win 10 ver 1511 build 10586.63 this has been going on a few weeks now. uninstalled it and reinstalled same...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 03:37.
Find Us




Windows 10 Forums