https-everywhere icon indicating copy to clipboard operation
https-everywhere copied to clipboard
verified publisher icon EFForg

New extension to change bookmarks to HTTPS using HTTPS Everywhere logic

Open Kenneth-Barber opened this issue 5 years ago • 0 comments

Type: feature request

The idea of changing bookmarks to their HTTPS equivalent using HTTPS Everywhere rules was already mentioned in issues #319 and #7671, but they were both declined due to the feature being too complex, requiring extra permissions, supposedly not adding any latency, and being unnecessary when HTTPS Everywhere is used. I feel that this idea should be reconsidered.

I will counter the above reasons for declining the ideas:

  • Complexity. Any new feature will add complexity, and changing bookmarks should not be that difficult compared to other suggested features.

  • Latency. It will always take more time to check a link, change it to HTTPS if it is HTTP, and visit it than to check a link and visit it without making any changes to it if it is already HTTPS.

  • Extra permissions. This issue can be solved by creating a new, separate extension to change bookmarks to HTTPS.

  • Unnecessary when using HTTPS Everywhere. This assumes that the user will continue to use HTTPS Everywhere. I can think of several scenarios where HTTPS Everywhere would not be used:

    • A user may decide to remove HTTPS Everywhere as part of an extension cleanup to free system resources and simplify the browsing experience.
    • A user may migrate browsers and import their bookmarks into the new browser but not reinstall HTTPS Everywhere, whether on purpose or by accident.
    • A user may have their bookmarks synced to multiple devices, and the browsers on those devices may not support extensions, and if they do, HTTPS Everywhere might not be available or installed.

    HTTPS Everywhere's protection is only ad hoc, whereas when bookmarks are converted to HTTPS, there is some lasting protection.

With the counterarguments out of the way, there are also additional arguments to support the feature of changing bookmarks to HTTPS:

  • Crowdsourcing & gamifying the push to HTTPS. Imagine this: the user converts their bookmarks to HTTPS and the extension returns a report stating which bookmarks would not be converted and some statistics such as % already HTTPS, % converted, and % HTTP only. This will bug some users, who want their bookmarks to be 100% HTTPS and will contact the owners of the website, requesting that they add support for HTTPS. Having the list of bookmarks that could not be converted creates an eye-opener effect, exposing the full extent of the bookmarks' HTTP-only problem to the user. In contrast, HTTPS Everywhere exposes HTTP-only websites only when they are visited, making each HTTP-only website seem like a one-off.

  • Minimize HTTPS Everywhere's work. Bookmarks are links that the user visits multiple times. It does not make sense for HTTPS Everywhere to convert the bookmark links every time they are visited. Just convert the bookmarks themselves just once and HTTPS Everywhere won't have to waste resources performing so many conversions.

Since this is a request for a new but related extension, this may not be the most appropriate place to post this idea. If that is the case, please tell me where instead I should post this idea.

Kenneth-Barber avatar May 15 '20 04:05 Kenneth-Barber