Please, don't retire HE

[KOLANICH]

Type: other

In the wake of https://www.eff.org/deeplinks/2021/09/https-actually-everywhere and https://www.eff.org/deeplinks/2021/04/https-everywhere-now-uses-duckduckgos-smarter-encryption .

While HTTPS is kinda everywhere and I personally use https-only mode, it is in fact not everywhere and I encounter websites without HTTPS several times every day.

Also, not all the websites with https use preload.

Also, https-only-mode often doesn't allow temporary overrides, and if allows, it has poor UI.

Also, having https-only-mode enabled makes ordinary people to suffer and they just disable it.

So, https-only-mode is just a "toy for geeks" (from the point of view of ordinary "serious" people) currently.

HE "blue" mode was a tolerable and unnoticeable tool to improve security of such people relatively to just accepting every non-tls website.

So, dropping HE means that security of these people would become worse.

[zoracon]

That is a reasonable point, which is why we aren't retiring the extension soon, but late next year. We plan on working with the browsers still for any gaps that would be left with this extension and their version of HTTPS Only mode. Each browser handles this feature differently and hoping to not only educate users over the next year about native features, but make sure the transition will only expand their security options, not limit them.

Also noting this is a MV2 extension in Chrome and MV2 will be deprecated for MV3 starting January 2023. We do not plan on porting this extension for MV3.

[KOLANICH]

Also noting this is a MV2 extension in Chrome and MV2 will be deprecated for MV3 starting January 2023. We do not plan on porting this extension for MV3.

Obviously, it is not the reason to retire this ext. I guess (of course, it is a guess, and cannot be measured, because users of HE also disable telemetry) usage of HE is more correlated with usage of Firefox than usage of Chrome. If Chrome wants to drop something - it is their decision. I have decided that I am not going to use Chrome pretty long ago. Unfortunately, I sometimes have to use it in order to debug some JS code (some extensions I have contributed to support Chromium-based browsers).

[zoracon]

This is not the only reason for retiring the extension. I merely noted that MV2 extensions will be deprecated in Chrome. Firefox plans on supporting MV2 still, from what we know from their post.