Please, don't retire HE
KOLANICH opened this issue · comments
Type: other
In the wake of https://www.eff.org/deeplinks/2021/09/https-actually-everywhere and https://www.eff.org/deeplinks/2021/04/https-everywhere-now-uses-duckduckgos-smarter-encryption .
While HTTPS is kinda everywhere and I personally use https-only mode, it is in fact not everywhere and I encounter websites without HTTPS several times every day.
Also, not all the websites with https use preload.
Also, https-only-mode often doesn't allow temporary overrides, and if allows, it has poor UI.
Also, having https-only-mode enabled makes ordinary people to suffer and they just disable it.
So, https-only-mode is just a "toy for geeks" (from the point of view of ordinary "serious" people) currently.
HE "blue" mode was a tolerable and unnoticeable tool to improve security of such people relatively to just accepting every non-tls website.
So, dropping HE means that security of these people would become worse.