Utilize built-in HTTPS-Only mode and drop HTTPS Everywhere

Why do Tor browser still uses HTTPS Everywhere when the same feature is already built-in?

Because the securedrop.tor onion names isn’t built-in, they depend on HTTPS-E.


Hi @vufila, excellent point. It’s on our radar and the switch will happen before HTTPS-Everywhere is deprecated at the end of 2022 – however as @HackerNCoder points out there are dependencies like SecureDrop’s human-readable onions that we’ll need to remedy first, and HTTPS-Only mode itself will need thoroughly tested too.


I’ll be sad when HTTPS Everywhere is completely dropped and abandoned.

There was something comforting about it sitting there with a red S icon, knowing you would only be connecting via HTTPS.

I stumbled upon this post when I already posted on GitHub

HTTPS Everywhere addon cannot be uninstalled. With Firefox’s own abilities to set HTTPS in it’s settings this addon is redundant.

I don’t want to use DuckDuckGo Smarter Encryption that comes with the addon but I’m forced to because I simply can’t remove this.

I want to ask for a “proper” TorBrowser with HTTPS enabled through “normal” settings and without the HTTPS Everywhere addon or at least the option to remove this addon.

If HTTPS-E is tied to securedrop.tor then you should properly seperate things rather then building up such dependencies.

Also PrivacyBadger is inferior to uBlockOrigin. I understand that it’s an EFF thing but one should always choose the technically better option.

That said: Thanks for you nice work!