On Sun, Apr 25, 2021 at 7:13 PM nusenu <nusenu-li...@riseup.net> wrote: > > > (FWIW: on the client side there is still the HTTPS-only mode in the > > pipeline, which could easily be a game-changer here, too.) > > Is the torproject backporting https-only mode [1] to 78esr / Tor Browser?
No. Firefox 78esr has an older version of https-only mode, but newer versions of Firefox have many bugfixes. We don't feel comfortable enabling the current implementation available in Tor Browser, and backporting the fixes/improvements would be challenging. Currently, our recommendation is enabling EASE mode in https-everywhere if you feel comfortable with the trade-offs, but that mode has usability issues as well, and we aren't comfortable enabling that for everyone. When Tor Browser migrates to Firefox 91esr we will look at enabling https-only mode for everyone, but there remains a significant concern that there are many sites that do not support HTTPS (especially more region specific sites) and the question of what messaging Tor Browser should use in that case. > > kind regards, > nusenu > > [1] > https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ > > > -- > https://nusenu.github.io > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
