

On first connection to a new site (typed without protocol), try https first - amenghra
https://bugzilla.mozilla.org/show_bug.cgi?id=1158191

======
Sulfu
This will not break anything as it goes to http if no HTTPS is available. I'm
french, and with new laws commings up, i'm more than ever deeple concerned
about privacy and freedom of speech. But please remember that HTTPS don't hide
where you are seeking informations from, but only content

~~~
frikk
This will break some websites that are not configured properly -- for example,
a server that has several sites but only one of them uses https. Trying https
on the other sites would default to the https in use. I've seen this happen on
some servers we run internally.

In short, there's no way to know if you're actually seeing the correct https
version of the site.

~~~
Sulfu
Ok yes you are right, this might break some unproperly configured servers (i
also regulary see websites that goes to admin panels when trying to access to
secure http), but this while probably last only few weeks or months before the
majority of websites fixes it. Anyway, i think this is a good thing, we should
have switch to full HTTPS a long time ago and this feature might help.

------
arexi
I wonder how many websites this will break. A few times in the past I have
tried seeing if websites support https and been served a default Apache page
or something instead. Still, the more encrypted traffic the better.

~~~
dmckeon
I've been using [https://www.eff.org/https-
everywhere](https://www.eff.org/https-everywhere) since 2011 (Firefox 3.6 back
then) and only rarely see sites that serve a default page or stall with https.

That's anecdata, but to get good data one would have to try to fetch & compare
results from both protocols for many websites - perhaps Google or the Internet
Archive has done this?

The biggest annoyance for me in using https preferentially is that I often end
up with multiple bookmarks for the "same" page, which differ only in their
protocol - it would be nice if there were an auto-magic way to upgrade the old
http bookmark to the https protocol.

~~~
Noctem
That's because HTTPS Everywhere doesn't blindly attempt HTTPS connections, it
redirects based on a massive set of rules. That's also how it accounts for
more complex changes than just the protocol portion of the URL, like adding an
_encrypyted._ or _ssl._ subdomain.

You can see all the rulesets here: [https://gitweb.torproject.org/https-
everywhere.git/tree/src/...](https://gitweb.torproject.org/https-
everywhere.git/tree/src/chrome/content/rules)

