Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove obsolete HTTPS Everywhere list from Brave since it's no longer needed #28433

Closed
Inasad opened this issue Feb 10, 2023 · 9 comments · Fixed by brave/brave-core#19779
Closed

Remove obsolete HTTPS Everywhere list from Brave since it's no longer needed #28433

Inasad opened this issue Feb 10, 2023 · 9 comments · Fixed by brave/brave-core#19779
Assignees
@arthuredelstein
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include
Milestone
1.62.x - Release

Comments

@Inasad
Copy link

Inasad commented Feb 10, 2023

https://www.eff.org/deeplinks/2021/09/https-actually-everywhere

https://www.eff.org/https-everywhere/set-https-default-your-browser

As of January 2023, the software has been sunset and will no longer receive updates because it is now redundant. Brave has HTTPS Everywhere built-in, but it no longer serves a purpose since you no longer need the extension to do what it was intended to do, as Chromium has a native setting to enable HTTPS-Only Mode. Are there plans to remove the extension from Brave and leave it up to native Chromium functionality?
@Inasad Inasad added OS/Android Fixes related to Android browser functionality OS/Desktop labels Feb 10, 2023
@antonok-edm
Copy link
Contributor

You might be interested in https://brave.com/privacy-updates/22-https-by-default 😄

I believe there are still a few HTTPS Everywhere remnants in the browser and our component server, but my understanding is that those will be removed soon.

cc @fmarier @arthuredelstein

@arthuredelstein arthuredelstein self-assigned this Feb 10, 2023
@fmarier fmarier changed the title HTTPS Everywhere has been deprecated by the EFF Remove HTTPS Everywhere from Brave Feb 10, 2023
@antonok-edm antonok-edm mentioned this issue Apr 19, 2023
Closed
@arthuredelstein arthuredelstein mentioned this issue Aug 19, 2023
Merged
25 tasks
@brave-builds brave-builds added this to the 1.62.x - Nightly milestone Oct 28, 2023
@rebron rebron added this to Completed in General Oct 31, 2023
@stephendonner
Copy link

Hi @arthuredelstein ! Mind adding a testplan here, when you get a chance? Thanks! Adding QA/Blocked and QA/Test-Plan-Required just until we've got that, and then we'll be fully unblocked 👍

@arthuredelstein
Copy link

Hi @stephendonner! My suggestion would be just to confirm that HTTPS Upgrades are still working. Probably a subset of past QA on #27141 ?

@stephendonner
Copy link

Hi @stephendonner! My suggestion would be just to confirm that HTTPS Upgrades are still working. Probably a subset of past QA on #27141 ?

Thanks; I'll get it started, and perhaps you can review once I'm in a good place with it 👍

@stephendonner stephendonner added QA/In-Progress Indicates that QA is currently in progress for that particular issue and removed QA/Blocked QA/Test-Plan-Required labels Nov 9, 2023
@stephendonner
Copy link

stephendonner commented Nov 9, 2023
edited

Verification PASSED using

Brave | 1.62.39 Chromium: 119.0.6045.134 (Official Build) nightly (x86_64)
-- | --
Revision | bca25a6d30376dbda1a5506d040dc49e6d30008b
OS | macOS Version 11.7.10 (Build 20G1427)
brave://version brave://flags
Screen Shot 2023-11-09 at 2 25 45 PM Screen Shot 2023-11-09 at 2 26 24 PM

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.62.39
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
default insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 2 08 35 PM Screen Shot 2023-11-09 at 2 09 38 PM Screen Shot 2023-11-09 at 2 10 07 PM Screen Shot 2023-11-09 at 2 10 43 PM

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 2 13 03 PM Screen Shot 2023-11-09 at 2 15 16 PM Screen Shot 2023-11-09 at 2 15 35 PM

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.62.39
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
Upgrade connections, Strict insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 2 20 38 PM Screen Shot 2023-11-09 at 2 21 58 PM Screen Shot 2023-11-09 at 2 22 10 PM Screen Shot 2023-11-09 at 2 22 26 PM

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 2 24 19 PM Screen Shot 2023-11-09 at 2 24 34 PM Screen Shot 2023-11-09 at 2 24 52 PM

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.62.39
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
Upgrade connections, Disabled insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 2 31 14 PM Screen Shot 2023-11-09 at 2 31 40 PM Screen Shot 2023-11-09 at 2 31 53 PM Screen Shot 2023-11-09 at 2 32 17 PM

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 2 33 03 PM Screen Shot 2023-11-09 at 2 33 42 PM Screen Shot 2023-11-09 at 2 33 51 PM

Update from 1.60.114, Disabled - PASSED

  1. installed 1.60.114
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. upgraded to 1.62.39
  5. loaded http://insecure.arthuredelstein.net
  6. loaded http://http.badssl.com
  7. loaded http://upgradable.arthuredelstein.net
  8. opened a New Private Window with Tor and loaded each of the above
1.60.114 Upgrade connections, Disabled insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 4 39 44 PM Screen Shot 2023-11-09 at 4 41 22 PM Screen Shot 2023-11-09 at 4 47 01 PM Screen Shot 2023-11-09 at 4 47 10 PM Screen Shot 2023-11-09 at 4 47 24 PM

Tor

Confirmed all sites loaded, with the 1st two having interstitials and the last being automatically upgraded to HTTPS

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-11-09 at 4 51 27 PM Screen Shot 2023-11-09 at 4 52 54 PM Screen Shot 2023-11-09 at 4 53 00 PM

@stephendonner stephendonner added QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Nov 10, 2023
@stephendonner
Copy link

Also confirmed the removal of the Brave HTTPS Everywhere Updater - Version: 1.0.170 component

1.60.118 1.62.73
Screen Shot 2023-11-22 at 11 25 54 AM Screen Shot 2023-11-22 at 11 27 17 AM

@stephendonner stephendonner mentioned this issue Nov 22, 2023
Open
@MadhaviSeelam
Copy link

MadhaviSeelam commented Dec 12, 2023
edited

Verification PASSED using

Brave | 1.62.105 Chromium: 120.0.6099.71 (Official Build) beta (64-bit)
-- | --
Revision | f72c783bcd52110d026061575b4bef28ccb547f7
OS | Windows 11 Version 22H2 (Build 22621.2715)
brave://version brave://flags
image image

brave://components

Confirmed removal of the Brave HTTPS Everywhere Updater - Version: 1.0.170 component

1.61.101 1.62.105
image image

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.62.105
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
default insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image image

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.62.105
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

Confirmed Interstitial page for insecure websites (step 4 & 5).

Confirmed site is upgraded to https in Step 6

Interstitial page Upgrade connections, Strict insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image image image

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.62.39
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
Upgrade connections, Disabled insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image image

Tor

Confirmed Tor windows always use Strict mode though Normal window setting is Disabled

Confirmed Interstitial page for insecure websites (step 4 & 5).

Confirmed site is upgraded to https in step 6

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image

Update from 1.61.101, Disabled - PASSED

  1. installed 1.61.101
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. upgraded to 1.62.105
  5. loaded http://insecure.arthuredelstein.net
  6. loaded http://http.badssl.com
  7. loaded http://upgradable.arthuredelstein.net
  8. opened a New Private Window with Tor and loaded each of the above
1.60.114 Upgrade connections, Disabled insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image image image

Tor

Confirmed all sites loaded, with the 1st two having interstitials and the last being automatically upgraded to HTTPS

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image

@hffvld hffvld added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Dec 22, 2023
@hffvld
Copy link
Contributor

hffvld commented Dec 22, 2023

Verified on Galaxy Tab S8 and Pixel 7 using version(s):

Device/OS: 
- Galaxy Tab S8 / gts8wifixx-user 13 TP1A.220624.014 release-keys
- Pixel 7 / panther_beta-user 14 AP11.231020.013.A1 release-keys
Brave build: 1.62.116
Chromium: 120.0.6099.144 (Official Build) beta (64-bit)
Pixel 7 / phone

STEPS:

  1. Launch Brave
  2. Go to brave://flags > Verify that https-by-default is enabled
  3. Go to brave://components > Verify that Brave HTTPS Everywhere Updater is removed

ACTUAL RESULTS:

  • Verified that https-by-default is enabled by default
  • Verified that Brave HTTPS Everywhere Updater is removed
1 2 3 4
1 2 3 4
Upgrade to HTTPS whenever possible (default)

STEPS:

  1. Fresh install and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Verify that it set to (default)
  4. Go back and open http://insecure.arthuredelstein.net > Verify
  5. Open http://http.badssl.com > Verify
  6. Open http://upgradable.arthuredelstein.net > Verify
  7. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Upgrade connections to HTTPS is set to Upgrade to HTTPS whenever possible (default) by default
  • Verified that Upgrade to HTTPS whenever possible (default) is working as expected in Normal and Private tabs
1 2 3 4
1 2 3 4
1 2 3 4
Don't upgrade connections to HTTPS (disabled)

STEPS:

  1. Fresh install and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Change it to Don't upgrade connections to HTTPS (disabled)
  4. Go back and open http://insecure.arthuredelstein.net > Verify
  5. Open http://http.badssl.com > Verify
  6. Open http://upgradable.arthuredelstein.net > Verify
  7. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Don't upgrade connections to HTTPS (disabled) is working as expected in Normal and Private tabs
1 2 3 4
1 2 3 4
1 2 3 4
Require all connections to use HTTPS (strict)

STEPS:

  1. Fresh install and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Change it to Require all connections to use HTTPS (strict)
  4. Go back and open http://insecure.arthuredelstein.net > Verify
  5. Open http://http.badssl.com > Verify
  6. Open http://upgradable.arthuredelstein.net > Verify
  7. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Require all connections to use HTTPS (strict) is working as expected in Normal and Private tabs
1 2 3 4
1 2 3 4
1 2 3 4
Upgrade from `1.61.86` to `1.62.116`

STEPS:

  1. Fresh install 1.61.86 and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Change it to Require all connections to use HTTPS (strict)
  4. Upgrade Brave to 1.62.116 and launch it
  5. Open http://insecure.arthuredelstein.net > Verify
  6. Open http://http.badssl.com > Verify
  7. Open http://upgradable.arthuredelstein.net > Verify
  8. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Upgrade connections to HTTPS settings are working as expected in the Normal and Private tabs
1.61.86 1.62.116
1 2
1 2
1 2 3 4
1 2 3 4
1 2 3 4
Galaxy Tab S8 / tablet

STEPS:

  1. Launch Brave
  2. Go to brave://flags > Verify that https-by-default is enabled
  3. Go to brave://components > Verify that Brave HTTPS Everywhere Updater is removed

ACTUAL RESULTS:

  • Verified that https-by-default is enabled by default
  • Verified that Brave HTTPS Everywhere Updater is removed
1 2 3 4
1 2 3 4
Upgrade to HTTPS whenever possible (default)

STEPS:

  1. Fresh install and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Verify that it set to (default)
  4. Go back and open http://insecure.arthuredelstein.net > Verify
  5. Open http://http.badssl.com > Verify
  6. Open http://upgradable.arthuredelstein.net > Verify
  7. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Upgrade connections to HTTPS is set to Upgrade to HTTPS whenever possible (default) by default
  • Verified that Upgrade to HTTPS whenever possible (default) is working as expected in Normal and Private tabs
1 2 3 4
1 2 3 4
1 2 3 4
Don't upgrade connections to HTTPS (disabled)

STEPS:

  1. Fresh install and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Change it to Don't upgrade connections to HTTPS (disabled)
  4. Go back and open http://insecure.arthuredelstein.net > Verify
  5. Open http://http.badssl.com > Verify
  6. Open http://upgradable.arthuredelstein.net > Verify
  7. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Don't upgrade connections to HTTPS (disabled) is working as expected in Normal and Private tabs
1 2 3 4
1 2 3 4
1 2 3 4
Require all connections to use HTTPS (strict)

STEPS:

  1. Fresh install and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Change it to Require all connections to use HTTPS (strict)
  4. Go back and open http://insecure.arthuredelstein.net > Verify
  5. Open http://http.badssl.com > Verify
  6. Open http://upgradable.arthuredelstein.net > Verify
  7. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Require all connections to use HTTPS (strict) is working as expected in Normal and Private tabs
1 2 3 4
1 2 3 4
1 2 3 4
Upgrade from `1.61.86` to `1.62.116`

STEPS:

  1. Fresh install 1.61.86 and launch Brave
  2. Three-dot menu > Settings
  3. Brave Shields & privacy > Upgrade connections to HTTPS > Change it to Require all connections to use HTTPS (strict)
  4. Upgrade Brave to 1.62.116 and launch it
  5. Open http://insecure.arthuredelstein.net > Verify
  6. Open http://http.badssl.com > Verify
  7. Open http://upgradable.arthuredelstein.net > Verify
  8. Open New Private tab > Repeat steps 4 - 6 > Verify the same

ACTUAL RESULTS:

  • Verified that Upgrade connections to HTTPS settings are working as expected in the Normal and Private tabs
1.61.86 1.62.116
1 2
1 2
1 2 3 4
1 2 3 4
1 2 3 4

@hffvld hffvld added QA Pass - Android ARM QA Pass - Android Tab and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Dec 22, 2023
@btlechowski
Copy link

Verified with

Brave 1.62.122 Chromium: 120.0.6099.144 (Official Build) beta (64-bit)
Revision cfddebe77d394064c472fda64afcd9fbed34ceb4
OS Linux

brave://components

Confirmed removal of the Brave HTTPS Everywhere Updater - Version: 1.0.170 component

1.61.x 1.62.x
image image

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.62.x
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
default insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image image

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.62.x
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

Confirmed Interstitial page for insecure websites (step 4 & 5).

Confirmed site is upgraded to https in Step 6

Upgrade connections, Strict | insecure.arthuredelstein.net | http.badssl.com | upgradable.arthuredelstein.net
----------|-------------------------------|--------------------|-----------------|----------------
image|image|image|image

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.62.x
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
Upgrade connections, Disabled insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image image

Tor

Confirmed Tor windows always use Strict mode though Normal window setting is Disabled

Confirmed Interstitial page for insecure websites (step 4 & 5).

Confirmed site is upgraded to https in step 6

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image

Update from 1.61.x, Disabled - PASSED

  1. installed 1.61.101
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. upgraded to 1.62.x
  5. loaded http://insecure.arthuredelstein.net
  6. loaded http://http.badssl.com
  7. loaded http://upgradable.arthuredelstein.net
  8. opened a New Private Window with Tor and loaded each of the above
image image
1.61.x Upgrade connections, Disabled insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
image image image image image

@atuchin-m atuchin-m mentioned this issue Dec 28, 2023
Open
@fmarier fmarier changed the title Remove HTTPS Everywhere from Brave Remove obsolete HTTPS Everywhere list from Brave since it's no longer needed Jan 3, 2024
@LaurenWags LaurenWags mentioned this issue Jan 24, 2024
Closed
@rebron rebron removed this from Completed in General Jan 26, 2024
@kjozwiak kjozwiak mentioned this issue Jan 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arthuredelstein arthuredelstein

Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include
Projects
None yet
Milestone
1.62.x - Release
Development

Successfully merging a pull request may close this issue.

Remove HTTPS Everywhere brave/brave-core
10 participants
@arthuredelstein @stephendonner @rebron @antonok-edm @LaurenWags @btlechowski @brave-builds @MadhaviSeelam @Inasad @hffvld