GNOME Bugzilla – Bug 725093
HTTPS Everywhere
Last modified: 2016-10-13 01:06:15 UTC
Seeing the wiki page of Epiphany Next[1], I remembered that I like to know if/that I’m using HTTPS, and that I do not think of it when using Chrome because of the EFF’s extension HTTPS Everywhere[2]. It would be great to have that as an option[3] activated by default in Epiphany. The mockup doesn’t show the protocol at all. I was thinking: * people that disable such an option don’t mind which protocol they are using, so they don’t need any information about it (they could see it with <ctrl>L if really needed); * by default, with the option activated, it should be great to show when a website is *not* accessed (= reachable) in HTTPS. [1] https://wiki.gnome.org/Design/Playground/EpiphanyNext [2] https://www.eff.org/https-everywhere [3] as for the adblocker, it’s important to let people have a way to access the net “the exact way they are asking for it”
In epiphany from git master, when the title of the web page is shown instead the location bar, if the page is secure we have in the subtitle (in the url) the lock icon, else we have unlock icon. I think this solved your problem?
I’m now in Rawhide’s 3.11.90; difference with what you see: nothing is shown both in title-mode and in edit-url-mode when in HTTP (secure symbol on both when on HTTPS). No, it didn’t solve this enhancement bug. It is really question of not having to think about security, by both: * switching automatically to HTTPS when available (that’s done with EFF’s extension on other browsers); * consider that the normal protocol to access a page is the secure HTTPS, warning only if it’s not the case.
I use this extension on Firefox, and is great in many cases but in some others not so much. Some sites are completely broken with this extension. For example www.pcworld.com If implemented, I don't think this should be enabled by default.
We don't need this to be an option. What we will do is simply ignore TLS certificate errors (and display the entire page with an insecure icon if there are any). That's obviously not as secure, but if sites want you to be secure then they should actually deploy HTTPS properly. We would probably want to depend on https://github.com/grindhold/libhttpseverywhere We were supposed to get funds from GNOME to pay for this, since we raised $20000 and HTTPS Everywhere was put on the list of things to do, but I think those funds are never actually going to be used at the rate we're going (getting the board to answer questions about them is not easy).
Whoops, forgot to link to https://wiki.gnome.org/Apps/Web/Development/Security
HTTPS Everywhere will be enabled by default in Epiphany 3.23.1, thanks to Daniel "grindhold" Brendle. :D