[kofalt]

Shouldn't be terribly surprising: http://dayswithoutansslexploit.com

HTTPS might be better than getting a website in cleartext, but you'd have to be a madman to claim that HTTPS is safe, sane, or secure.

[johannh]

True, I'm not surprised at all. HTTPS Everywhere-like functionality should be integrated into browsers and not a downloadable extra, tricking people into feeling fully secured.

[toomuchtodo]

While not "everywhere"...

Force SSL only: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Have site preloaded in Chrome: https://hstspreload.appspot.com

[mbrubeck]

Firefox also has a built-in HSTS preload list, which I believe uses the Chrome list as one of its inputs: https://blog.mozilla.org/security/2012/11/01/preloading-hsts...