Type: other

In the wake of https://www.eff.org/deeplinks/2021/09/https-actually-everywhere and https://www.eff.org/deeplinks/2021/04/https-everywhere-now-uses-duckduckgos-smarter-encryption .

While HTTPS is kinda everywhere and I personally use https-only mode, it is in fact not everywhere and I encounter websites without HTTPS several times every day.

Also, not all the websites with https use preload.

Also, https-only-mode often doesn't allow temporary overrides, and if allows, it has poor UI.

Also, having https-only-mode enabled makes ordinary people to suffer and they just disable it.

So, https-only-mode is just a "toy for geeks" (from the point of view of ordinary "serious" people) currently.

HE "blue" mode was a tolerable and unnoticeable tool to improve security of such people relatively to just accepting every non-tls website.

So, dropping HE means that security of these people would become worse.