Show exactly what is being blocked when clicking the extension.

That would be Interesting if that did take place.

But SanyaIV, the current HTTPS Everywhere does have that feature already as a separate extension.

But I’ve not seen a warning telling you of an insecure page http. The only thing I’ve noticed is that HTTPS Everywhere just pops up in the address bar on the far right.

HTTPS Everywhere and PrivDog conflict for me. PrivDog will try to do one thing but won’t be able to because HTTPS Everywhere is doing something else and somehow has “more right” to do so, hence I don’t use HTTPS Everywhere and is the reason I suggested it.

It was the other way around for me. :wink:

Hmm PrivDog must have a higher “priority” for you, is there any way to manipulate that? Though in my opinion all browsers should come with a prefer HTTPS feature within the source code, one should not need an extension for that. :frowning:

Not any that I know of.

Actually there is: HTTP Strict Transport Security. HSTS has one weakness though:

The HSTS header can be stripped by the attacker if this is the user's first visit.
The solution is to have an HSTS-list in the browser, and Google maintains such a list: transport_security_state_static.json (https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json). Users can also add domains to that list, by opening chrome://net-internals/#hsts. Dragon even has a button for that: Force Secure Connections (https://help.comodo.com/topic-120-1-279-4530-Force-Secure-Connections.html). But HTTPS Everywhere is still a good and useful complement to HSTS. It has lots of domains (https://gitweb.torproject.org/https-everywhere.git/tree/HEAD:/src/chrome/content/rules). Sorry for the !ot!-stuff. :P0l :a0

I don’t really know how to use HSTS. ???

Well I’m the author of this topic so I hope I have the right to allow off-topic talk, however if you think about it, it’s not really off-topic, it’s just a continuation, a normal evolution of a conversation. One reason I don’t really love forums is because you cannot talk as if it’s a conversation, conversations evolve and touch several points, forums only allow one line and if you stray from it you get a warning. 88) However I could see why forums would need order. :slight_smile:

Anyway, I also tried it with KB SSL Enforcer which is my pick of the https extensions, but I still have the same issue, see pic.

Edit: ■■■■ it, forgot to crop the image >:( Whatever I have nothing to hide in the rest. :a0

[attachment deleted by admin]

If a site has enabled strict security (and your browser supports it), you use it without knowing it or doing anything special. Try to go to http://www.paypal.com or http://mega.co.nz and you will be redirected from http to https.
If you want to add domains just type/paste chrome://net-internals/#hsts in Chrome’s address-bar and start adding them. In Dragon you can click on the padlock to add the domain you currently visit.

Indeed. :P0l

KB SSL Enforcer works quite differently. It has no domain-list, but instead looks for https when you go to a domain. So if you type www.comodo.com, your browser will first connect to http://www.comodo.com and KB SSL Enforcer will then redirect to https://www.comodo.com/. HTTPS Everywhere and the HSTS-list will tell the browser beforehand to use https (if the domain is in the lists, of course).

Oh, alright that seems simple.

Indeed however if the domain isn’t in the list it will take you to the http instead of https site, right? In that case you might want to have something that redirects you to the https site :wink:

I’m now trying to use HTTPS everywhere and KB SSL Enforcer and PrivDog together… so many conflicts. 88)

Well for me I get no conflicts.

I have HTTPS everywhere: Active, but only comes into force when I go to a page that the address bar goes green or on other pages that need it are set for HTTPS depending on their Connections etc.

I also have Privdog Fully Enabled with this setup:

Trackers: Block
3rd Party Widgets: Block
Ads: Block all Ad Networks
Statistics: Block

Also I have Disconnect active all the time

And all 3 run in harmony on my Main Machine & Laptop with Win 7 Home Premium 32 bit

So I can’t understand how you have problems.

Oh well, I guess there will be an explanation/fix soon

Regards

Nige

I think it’s because I allow ads from trusted sources which means that instead of blocking an ad it will replace it with an address to AdTrustMedia which HTTPS Everywhere does not agree with so HTTPS Everywhere redirects the element to some emediate or something url.

Edit: Yup, just tested with setting PrivDog to block all ads, then I get no conflicts. Heh though I still get conflicts for facebook button for an extension ??? I hate seeing that button in chrome go yellow/orange.

I see where you are coming from now, But it is still a mystery on what is happening on your system

Regards

Nigel

I don’t think it’s that much of a mystery. I assume that PrivDog acts first on the element and redirects the element to point to adtrustmedia and HTTPS Everywhere acts later and tries to redirect the element to the https version of that ad and since it acts later it overrides what PrivDog did, OR it simply just has a higher priority somehow, does PrivDog use the “!important” thingy apparently Chrome has some thing I think it’s “!important” and only other applications using “!important” can override an application that uses “!important” so it could be that HTTPS Everywhere uses “!important” and PrivDog does not? I really don’t know but I don’t think it’s a mystery.

Perhaps, but it might not be of such great worth and use as one would expect. See these FAQs:

https://code.google.com/p/kbsslenforcer/wiki/FAQ#Is_it_secure_against_MITM/Firesheep_attacks?

I see, but still if HTTPS Everywhere and HSTS do not have the site registered then it will use the http protocol rather than the https protocol so MITM attacks are still able to happen with HTTPS Everywhere, the only unique problem with KB SSL Enforcer is that it might take you to sites that don’t work, for example if it seems like a site supports SSL and it actually doesn’t have all the stuff on it. (and the weakness of having to make the first request unencrypted) So then it would be great if you could layer them to first use HTTPS Everywhere system and if it is not registered then try the system KB SSL Enforcer uses since I would argue that using KB SSL Enforcer would be safer than not using anything like that at all, and now couple that with PrivDog and we have a nice extension. :slight_smile:

Not using https automatically does not mean you cannot use https, and I advise anyone to make sure https is used (if available) before exchanging information with a site. And though I think encryption should always be used, the real need for encryption varies depending on how a site is used. It does not matter much if you go to https://www.comodo.com or http://www.comodo.com if all you do is to browse the site. But using https://forums.comodo.com is important, not only when logging in, but also when sending and receiving ■■■, for example.

Indeed make the first request unencrypted. You will probably not even notice that happens, and you will think that encryption was used all the time.

I wasn’t implying otherwise.

Okay think about it this way:
Scenario 1: You do not have HTTPS Everywhere or KB SSL Enforcer but you do manually set websites to HTTPS when you visit them, the issue of first making unencrypted requests is there.

Scenario 2: You do have HTTPS Everywhere but not KB SSL Enforcer and you do manually set websites to HTTPS when you visit them, the websites known by HTTPS Everywhere will not make any unencrypted requests but websites not known by HTTPS (or HSTS) will still have the issue of first requesting unencrypted.

Scenario 2.5: You do have HTTPS Everywhere but not KB SSL Enforcer and you don’t manually set websites to HTTPS when you visit them, websites known to HTTPS Everywhere will always be encrypted with no “leakage” however sites not known to HTTPS Everywhere will most likely always be HTTP instead of HTTPS which is more damaging than if just a single first request were unencrypted.

Scenario 3: You do have KB SSL Enforcer but not HTTPS Everywhere, you have the issue of initial unencrypted request.

Scenario 4: You do have an extension like HTTPS Everywhere and KB SSL Enforcer combined, The sites known to support HTTPS would directly connect to that while sites not known would automatically test if HTTPS is supported, the issue of initial unencrypted requests is still there but you won’t forget to change the site to HTTPS in either way and anything subsequent will always be via HTTPS if the site allows it.

So by merging them into one, in my opinion you don’t really get anything negative, however you do get the positive thing of never forgetting to set the websites that support it to HTTPS.

By “manually set websites to HTTPS when you visit them” you seem to assume that I would first visit e.g. http://www.polisen.se and then add the heroic s: https://www.polisen.se
Well, I can go straight to https://www.polisen.se, in which case manually using https is more secure than doing it automatically (KB SSL Enforcer-method).
If I’m really cautious, I can make sure a domain (e.g. my bank) is in the HSTS-list before visiting it. Actually it is good to make sure to use strict security for such sites.

So by merging them into one, in my opinion you don't really get anything negative, however you do get the positive thing of never forgetting to set the websites that support it to HTTPS.
I think it might have the opposite effect, that I forget about https because I count on that someone else does it for me.

Another thing to remember is that HTTP Secure is not always secure. Old cryptographic protocols are insecure and it’s time to move (servers and browsers) to TLS 1.2.

Anyway, Adam Langley (Google) has written some articles you might find interesting: ImperialViolet - Posts index - ImperialViolet.org :slight_smile:

Hmm I see, would it not be possible to “hijack” the browser so that when someone tries to go to http://www.polisen.se it never requests that site before trying https://www.polisen.se but if it does not support SSL then fall back on http and display a message that the site does not support SSL and is hence not secure?

Not in any way I am aware of. http is the default transport protocol for every browser and I guess that behaviour must be changed in the browser-code.

Replacing TCP with the UDP-based and encrypted QUIC will improve the situation.

It is also being discussed whether to make TLS mandatory in the SPDY-based HTTP 2.0 (draft).

Shame :-\ however also in a way good from a security point of view on hijacking the browser.

I don’t know if I would vote yes for a mandatory TLS, however I would vote for it being the default. In my opinion security is more important than speed.
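
The first-visit weakness and the preloaded list discussed earlier in the thread, modelled as an added example that is not part of any post: a simplified HSTS store following the rules of RFC 6797. The class and function names and the example hosts are constructed for illustration, and preloaded entries are modelled as exact-host matches only.

```javascript
// Added illustration: simplified model of a browser's HSTS decision (RFC 6797).
// Host names and the preload entry used with it are constructed sample values.
class HstsStore {
  constructor(preloaded = []) {
    this.preloaded = new Set(preloaded); // models the list shipped with the browser
    this.dynamic = new Map();            // host -> { expires, includeSubDomains }
  }

  // Record a Strict-Transport-Security header. A header received over plain
  // HTTP is ignored: an on-path attacker could have forged or stripped it.
  noteHeader(host, scheme, header, now) {
    if (scheme !== "https") return false;
    const directives = header.split(";").map((d) => d.trim().toLowerCase());
    const m = directives.map((d) => /^max-age\s*=\s*"?(\d+)"?$/.exec(d)).find(Boolean);
    if (!m) return false;                // max-age is mandatory
    const seconds = Number(m[1]);
    if (seconds === 0) {                 // max-age=0 tells the browser to forget the host
      this.dynamic.delete(host);
      return true;
    }
    this.dynamic.set(host, {
      expires: now + seconds * 1000,
      includeSubDomains: directives.includes("includesubdomains"),
    });
    return true;
  }

  // True when http:// is rewritten to https:// before anything is sent.
  mustUpgrade(host, now) {
    if (this.preloaded.has(host)) return true;
    const labels = host.split(".");
    for (let i = 0; i < labels.length; i++) {
      const entry = this.dynamic.get(labels.slice(i).join("."));
      // A parent's entry only covers this host if it set includeSubDomains.
      if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }
}

// Scheme of the first request actually sent when the user types an http:// URL.
function firstRequestScheme(store, host, now) {
  return store.mustUpgrade(host, now) ? "https" : "http";
}
```

A host that is neither preloaded nor already noted over HTTPS yields "http" here, which is the unencrypted first request the scenarios above keep returning to.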