[mehrdadn]

Does HTTPS Everywhere actually work for you? It's utterly useless for me as far as I can tell. Try going to some site (say, example.net) in Chrome and watch it just load HTTP.

[notpiika]

IIRC, you have to enable the "strict" mode, or something along those lines, in the settings before it rejects HTTP connections from being made. I had the same issue.

[mehrdadn]

Thanks, but then what do I do about HTTP-only sites? Why can't it default to HTTPS and then auto-fallback to HTTP when HTTPS connections fail for sites that aren't in the known-HTTPS list? It seems like a logical thing to do instead of just going straight to HTTP.

[tialaramex]

This only helps you at all against passive adversaries.

An active adversary will just cheerfully block that HTTPS connection because you'll fall back to insecure silently.

[mehrdadn]

I fully understand that and that's still clearly still better than going straight to HTTP, which it's already doing.

[makeworld]

HTTPS Everywhere only loads HTTPS on a predefined list of sites. I just use SmartHTTPS on Firefox now.