HTTPS Everywhere
Why does the Tor Browser come with the HTTPS Everywhere extension pre-installed instead of using the built in HTTPS Everywhere mode included to Firefox itself?
If i remove the plugin and use the built in function, is there ANY difference? And, does it make my user-agent look different from other tor-users since they propably use the pre-installed plugin? Am i more unique removing it?
Toutes les réponses (5)
Hi
This is probably a question that the Tor project will be better placed to help you with.
Tor Browser 11.0.4 is based on Firefox 91.5.0esr. The Fx 91.0 ESR is based on the Fx 91.0 Release.
Also the HTTPS Everywhere is a Extension as the word Plugin normally refers to the NPAPI Plugins no longer supported like the Flash Player, Java, Silverlight etc.
Modifié le
James said
Tor Browser 11.0.4 is based on Firefox 91.5.0esr. The Fx 91.0 ESR is based on the Fx 91.0 Release. Also the HTTPS Everywhere is a Extension as the word Plugin normally refers to the NPAPI Plugins no longer supported like the Flash Player, Java, Silverlight etc.
Are you saying firefox 91.5.0 was still focused on HTTPS Everywhere Extension instead of the
built-in-https-function? And since Tor is based on this version it is obviously does the same?
That would explain it? Im not sure but in my memory when firefox 91 was released HTTPS Everywhere was already "outdated" because firefox already had the built in function.
Just trying to understand why tor uses this pre-installed extension instead of built-in-https. What's the point? Difference?
The built-in Firefox HTTPS-Only mode is very basic and sometimes it is quite difficult to make an exception for servers that only work with HTTP as is looks that Firefox is quite persistent, especially when DNS over HTTPS is enabled. I think that the HTTPS Everywhere extension works better when it comes to dealing websites that only work with insecure HTTP, but appear to have a certificate installed or behave different with HTTP and HTTPS (i.e. you can't force HTTP to check how the website works to investigate weird issues).
So basically when a website uses HTTP but i have the built in HTTPS ONLY MODE enabled or i am using the HTTPS EVERYWHERE EXTENSION it means that my connection will automatically be enhanced to HTTPS over HTTP? For now im using the built in function, sometimes i get a popup "secure connection not available, https onlymode alert" and i close the website. Are you saying using the built in https only mode and dns over https at the same time is a bad idea? But after all, no matter if i use the extension or the built in mode, as long as the connection is HTTPS it is secured? I mean, those two functions might work different but in the end as long as HTTPS is visible they have the same result?
So for the original question, as the extension seems to be more "advanced" this appears to be the reason why Tor uses it over the built in function?