On Sun, Apr 25, 2021 at 7:13 PM nusenu nusenu-lists@riseup.net wrote:
(FWIW: on the client side there is still the HTTPS-only mode in the pipeline, which could easily be a game-changer here, too.)
Is the torproject backporting https-only mode [1] to 78esr / Tor Browser?
No. Firefox 78esr has an older version of https-only mode, but newer versions of Firefox have many bugfixes. We don't feel comfortable enabling the current implementation available in Tor Browser, and backporting the fixes/improvements would be challenging. Currently, our recommendation is enabling EASE mode in https-everywhere if you feel comfortable with the trade-offs, but that mode has usability issues as well, and we aren't comfortable enabling that for everyone.
When Tor Browser migrates to Firefox 91esr we will look at enabling https-only mode for everyone, but there remains a significant concern that there are many sites that do not support HTTPS (especially more region specific sites) and the question of what messaging Tor Browser should use in that case.
kind regards, nusenu
[1] https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-onl...
-- https://nusenu.github.io _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays