Chromium Blog: Towards HTTPS by default

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨Spotlight7573@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://blog.chromium.org/2023/08/towards-https-by-default.html

cross-posted from: lemmy.world/post/3301227

Chrome will be experimenting with defaulting to https:// if the site supports it, even when an http:// link is used and will warn about downloads from insecure sources for “high-risk files” (example given is an exe). They’re also planning on enabling it by default for Incognito Mode and “sites that Chrome knows you typically access over HTTPS”.

source

Comments

Sort:hotnew top

the_q@lemmy.world ⁨1⁩ ⁨year⁩ ago
Don’t use chromium based browsers.

source
- Buddahriffic@lemmy.world ⁨1⁩ ⁨year⁩ ago
  Is this just general advice? If so, I agree, but if it’s specific to this, what’s the problem you see with it?
  
  source
  - thantik@lemmy.world ⁨1⁩ ⁨year⁩ ago
    Google has shown that they’re going to go the Microsoft strategy with Browser control. So long as they have majority control, that means they can be as anti-user as they would like, but since everything is downstream of chromium, everyone just basically accepts it. Everything from Google AMP (which was their attempt to take over the web in whole), to their new “Web Integrity API” which aims to lock out any competitors.
    
    source
    -> View More Comments
  - the_q@lemmy.world ⁨1⁩ ⁨year⁩ ago
    It is general advice, but https should have been the default for a good while.
    
    source
  - gravitas_deficiency@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
    If we have to pick just one reason: WEI. As someone who’s been a professional software engineer for a decade and a half, this has the potential to mutate and ruin the internet at large in ways we’re only beginning to fully explore and understand.
    
    source
    -> View More Comments
- lolcatnip@reddthat.com ⁨1⁩ ⁨year⁩ ago
  Keep grinding that ax.
  
  source
- Engywuck@lemm.ee ⁨1⁩ ⁨year⁩ ago
  I’ll keep using Brave because I like it. Thank you for your concern.
  
  source
LordXenu@artemis.camp ⁨1⁩ ⁨year⁩ ago
Pushing traffic to https isn’t the worst thing. My ask would be to have a toggle to disable due to local development or server deployments where http/port 80 is the only choice.

source
- lily@shinobu.cloud ⁨1⁩ ⁨year⁩ ago
  It does specifically say “defaulting to https:// if the site supports it”, so I think specifying http will still work if the site doesn’t actually support https.
  
  source
  - Valmond@lemmy.mindoki.com ⁨1⁩ ⁨year⁩ ago
    Got a message back from Https, let’s switch!
    
    The message:
    
    “Internal nginx routing error.”
    
    source
  - dust_accelerator@discuss.tchncs.de ⁨1⁩ ⁨year⁩ ago
    No testing a server side http-to-https upgrade/redirect without reconfiguring your browser. This seems like an unnecessary and bad idea.
    
    This could be easily done better by promoting such server-side configurations as a default.
    
    I mean, why should the browser attempt to correct inappropriately configured servers? Shouldn’t they rather be making PRs to NGINX/Apache/CAs or whatever?
    
    source
yoz@aussie.zone ⁨1⁩ ⁨year⁩ ago
Not touching chromium or chrome. Sworry! Happy with Firefox.

source
dan1101@lemm.ee ⁨1⁩ ⁨year⁩ ago
Their Googlebot has been pushing https hard for years. I really don’t see the point for mundane sites with no sensitive or controversial content, but there is no way to fight Google so like a good little site operator I go along if I want to be in Google search results.

source