HTTPS everywhere as an alternative to devs CA principles

[shubla]

So in this community CA's and encrypted connections in general aren't in very high appreciation and thus people (like loftar and maintainer of ROB wiki) don't like to offer https connections even though it is highly recommended to use them and it causes all kinds of inconveniences in some browsers if sites don't support them.

I was suggested an alternative

Wiki should accept HTTPS connections as some urls block if http content is embed in https sites.
https://letsencrypt.org/
Free and relatively easy setup.

https://www.eff.org/https-everywhere -- Another solution

Doesnt that addon just throw you into the https version or block http sites? So it doesn't help in this case as https site is missing completely.

No. It ensures that all portions of a site are effectively secure. It was developed for use with TOR and ensures that all communications are encrypted. I can't do it justice in a short description here. Read up on it.

FWIW, Chrome is the only browser that throws a fit over this, and only when it is configured in a certain way.

Doesn't the addon just upgrade http connections to https connections, if the origin server supports https? How would any addon be able to secure connection that is only available in http form?

[MagicManICT]

For anyone curious, HTTPS Everywhere is an Electronic Frontier Foundation development. They're one of the biggest political advocates for free speech and privacy rights on the Internet, and one of the oldest. The concept is to ensure that all data transmissions are treated as secure. It's been a while since I've read through the details on how it works, but the information is available at the website shubla quoted above. The source code is also available as this is an open source project, and was developed in conjunction with TOR to create a secure browser environment for encrypted, anonymous communications between parties.

As far as Chrome goes, somehow the developers have inserted a certain set of idioms into the settings that generates paranoia about data security. It is an issue when some websites mix non-encrypted as well as encrypted data. It leaves the end user unsure as to what parts of the page aren't encrypted, and from the developer side, leaves a chance to make mistakes in the deployment of the website allowing the code to be mistakenly updated to be unencrypted without someone noticing. However, there are better ways of handling such issues other than the way it is handled in Chrome. It's one of the reasons I uninstalled Chrome and went back to using Firefox full time.

As much as I want to write a dissertation on the merits of trust and CAs, better attacks have been made by more knowledgeable people. Do your homework.

[NeoBasilisk]

why would you be using chrome

[shubla]

why would you be using chrome

Why would not one use chrome? I'm using chromium and it works quite well.

[MagicManICT]

Chrome has its advantages... like you can connect to Stadia.

[Malkiah]

I'm using Edge(Chromium), I get all the benefits of Chrome, without any of the Google headaches. I never get any crap for ROB or HnH site.

[shubla]

I'm using Edge(Chromium), I get all the benefits of Chrome, without any of the Google headaches. I never get any crap for ROB or HnH site.

Or then you could use chromium to get all benefits of chrome without any of the microsoft headaches. I'm not sure how using edge is any better than using chrome.

[Malkiah]

I'm using Edge(Chromium), I get all the benefits of Chrome, without any of the Google headaches. I never get any crap for ROB or HnH site.

Or then you could use chromium to get all benefits of chrome without any of the microsoft headaches. I'm not sure how using edge is any better than using chrome.

It is a matter of perspective friend. I wager it is that I prefer Microsoft headaches over Google ones. I probably have my reasons, as we all do for the things we do.

[NeoBasilisk]

why would you be using chrome

Why would not one use chrome? I'm using chromium and it works quite well.

why use chrome when firefox exists