BBS super flakey today

I can’t speak for others, but I learned about HTTPS Everywhere from BoingBoing.

1 Like

I read the FAQ and still don’t understand the point at all.

If some site wants to enable https, they just set a 301 redirect from http like we do for http://meta.discourse.org or like google does and be done with it.

Why you need a voodoo plugin is beyond me.

I think mostly it just switches on https on sites where https is optional, and users might not know the option to do https exists.

So I see it as useful only for sites where https is a “secret” option they provide to users but do not make as default for some reason, even though it is there and fully provided.

Which raises 2 big questions

  1. Why are they breaking bbs when we don’t even support https except on the CDN
  2. What is the point of “secret” HTTPS? the mood now is that everything should be https, http 2.0 is making that quite clear.

To me this all seems like a crazy misguided effort by the EFF.

I guess the voodoo plugin is because not every webmaster is exactly super up to date on the latest and greatest. Yes, the mood now is that everything should be https, but that doesn’t mean that every website is going to follow that method. So the HTTPS Everywhere plugin is (in theory) helping keep as much on HTTPS as possible until people start catching up. Though, if I’m being completely honest, I totally forgot that I had that plugin installed still. I installed it back in the day, when it wasn’t the mood to have everything on HTTPS even if it was available, so it did in fact serve a purpose back then. Nowadays, I think most sites do.

Many sites used to have an https url but gave you the non-secure site if you want to http://…

This was either out of laziness (not providing a redirect), or because non-secure connections are slightly slower/consume more resources, and the webmaster wanted to keep their speed up.

Since most browsers automatically went/go to http://… if you just type in “www.example.com” in the navigation bar, the result was that the majority of users would connect non-securely even though a secure connection was available.

HTTPS-Everywhere doesn’t seem that voodoo-ish, it’s a fairly sensible solution to the above issues – even if it’s slowly becoming less necessary.

1 Like

This topic was automatically closed after 949 days. New replies are no longer allowed.