Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

HTTPS Everywhere

Firefox_Beginner
Firefox_Beginner
more options

Why does the Tor Browser come with the HTTPS Everywhere extension pre-installed instead of using the built in HTTPS Everywhere mode included to Firefox itself?

If i remove the plugin and use the built in function, is there ANY difference? And, does it make my user-agent look different from other tor-users since they propably use the pre-installed plugin? Am i more unique removing it?

Why does the Tor Browser come with the HTTPS Everywhere extension pre-installed instead of using the built in HTTPS Everywhere mode included to Firefox itself? If i remove the plugin and use the built in function, is there ANY difference? And, does it make my user-agent look different from other tor-users since they propably use the pre-installed plugin? Am i more unique removing it?

All Replies (5)

Paul
Paul
  • Moderator
  • Top 10 Contributor
more options

Hi

This is probably a question that the Tor project will be better placed to help you with.

James
James
  • Top 25 Contributor
  • Moderator
more options

Tor Browser 11.0.4 is based on Firefox 91.5.0esr. The Fx 91.0 ESR is based on the Fx 91.0 Release.

Also the HTTPS Everywhere is a Extension as the word Plugin normally refers to the NPAPI Plugins no longer supported like the Flash Player, Java, Silverlight etc.

Modified by James

Firefox_Beginner
Firefox_Beginner Question owner
more options

James said
Tor Browser 11.0.4 is based on Firefox 91.5.0esr. The Fx 91.0 ESR is based on the Fx 91.0 Release. Also the HTTPS Everywhere is a Extension as the word Plugin normally refers to the NPAPI Plugins no longer supported like the Flash Player, Java, Silverlight etc.


Are you saying firefox 91.5.0 was still focused on HTTPS Everywhere Extension instead of the built-in-https-function? And since Tor is based on this version it is obviously does the same? That would explain it? Im not sure but in my memory when firefox 91 was released HTTPS Everywhere was already "outdated" because firefox already had the built in function.

Just trying to understand why tor uses this pre-installed extension instead of built-in-https. What's the point? Difference?

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

The built-in Firefox HTTPS-Only mode is very basic and sometimes it is quite difficult to make an exception for servers that only work with HTTP as is looks that Firefox is quite persistent, especially when DNS over HTTPS is enabled. I think that the HTTPS Everywhere extension works better when it comes to dealing websites that only work with insecure HTTP, but appear to have a certificate installed or behave different with HTTP and HTTPS (i.e. you can't force HTTP to check how the website works to investigate weird issues).

Firefox_Beginner
Firefox_Beginner Question owner
more options

So basically when a website uses HTTP but i have the built in HTTPS ONLY MODE enabled or i am using the HTTPS EVERYWHERE EXTENSION it means that my connection will automatically be enhanced to HTTPS over HTTP? For now im using the built in function, sometimes i get a popup "secure connection not available, https onlymode alert" and i close the website. Are you saying using the built in https only mode and dns over https at the same time is a bad idea? But after all, no matter if i use the extension or the built in mode, as long as the connection is HTTPS it is secured? I mean, those two functions might work different but in the end as long as HTTPS is visible they have the same result?

So for the original question, as the extension seems to be more "advanced" this appears to be the reason why Tor uses it over the built in function?