HTTPS, HTTPS Everywhere

During this past week (IIRC, could have also been last week) I installed the first two add-ons to my disposable Firefox profile: the first was HTTPS Everywhere (from the EFF), the second was HTTPS By Default. Both installations started out as experiments, but there have been no issues and so I’m going to continue with them for the time being.

HTTPS Everywhere goes slightly against my starting premise of “take sites in as they come, or stop using them if they’re unbearable as such”. But in theory, it shouldn’t influence the end-user experience very much, so I should still feel equally at home in other casual setups I might be using the web on. The add-on should just help to give me slightly better privacy when at home without me having to think about it.

HTTPS By Default, by contrast, does not go against the premise. Although I will be using HTTPS on some sites I’d be using over plain HTTP outside home (due to failing to remember to explicitly request for https://), the purpose here for me is just the opposite: to become aware of sites that fail to present themselves over https, by forcing me to explicitly request them over http://. (The add-on causes such sites to fail hard when requested without a protocol.)

Installing these two add-ons was prompted by my successful deployment of Let’s Encrypt on my own sites, which means I no longer have to make exceptions for them. Those exceptions would have been pretty big as my sites make up a big portion of my web use.

(Sidebar: I didn’t realize it had been such a long while since the last post, but the fact that I had trouble remembering the blog’s name should have been a hint. But for this blog, “no news is good news” basically holds true; it means my setup continues to Just Work.)