1

Topic: [Announce] HTTPS Inquirer

Hyperbola Project is happy to announce the first stable release of HTTPS Inquirer

https://framapic.org/eAcBcaGVCy1Q/wPY1v3nxd0Jz.png

HTTPS Inquirer is a companion addon for HTTPS Always to generate your own rulesets locally, which are then saved in the application's profile directory under the HTTPSAlwaysUserRules folder.

Why?

One of the main problems with HTTPS Always (formerly Everywhere from which we forked) is that it was never able to actually give you HTTPS on ALL websites. It depends on an internal whitelist which needs frequent updating.

It is worth noting that in the newer WebExt version of HTTPS Everywhere, it's internal whitelist was largely replaced by a central online repository which downloads the whitelist file regularly in the background. This allows them to keep sending frequent updates without requiring you to re-download the entire addon. Unfortunately, this implementation wastes bandwidth and creates a potential fingerprinting risk for it's users by creating additional internet traffic to it's domains.

The main problem with any whitelist approach is that we cannot know all websites which support HTTPS and many that do support it quite well, but were not whitelisted, are completely missed by HTTPS Always. This is where HTTPS Inquirer comes to the rescue. The addon was forked from HTTPS Finder which hasn't worked properly since at least > FF26.

HTTPS Inquirer sends queries to the server to check for SSL/TLS. If it exists, and detects no certificate errors, the user is instantly taken to the HTTPS version and asked if they would like to generate their own ruleset file. If they choose to do so, the extension then generates a properly formatted ruleset XML, and saves it in the application's profile directory under the HTTPSAlwaysUserRules folder. This folder is subsequently used by HTTPS Always on all future visits.

This decentralized approach allows users themselves the ability to create their own rulesets without waiting for an update on the addon. This may also be useful for internal domains which would not be otherwise given HTTPS support on the global whitelist.

Where?
The addon can be downloaded and installed from our wiki. It is not intended to be used without HTTPS Always, merely a companion to it.