TransWikia.com

Why doesn't Tor browser block HTTP by default?

Tor Asked by Swangie on March 2, 2021

Unencrypted HTTP protocol does not protect data from being modified or intercepted. Without a secure connection, the user could be tracked and monitored, deanonymizing them. However, the Tor browser does not enable by default HTTPS connections after installation. It’s only advised to make sure that the user is using an HTTPS connection in the Tor Project manual. Some users may not realize this and this could potentially expose them. The HTTPS Everywhere addon already comes pre-intsalled and it contains an option to block unencrypted requests. So why isn’t this enabled by default or why isn’t the Tor browser blocking HTTP connections without using the addon?

One Answer

It's not enabled by default because it would block a significant fraction of the Internet for users. Blocking HTTP-only traffic will likely come in the future once Tor Browser is using a version of Firefox with HTTPS-only mode, and once the developers feel they can do it while minimizing the usability impact (for example providing documentation to explain why it was blocked, allowing the user to bypass the block, etc).

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40294
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19850#note_2723899

Correct answer by Steve on March 2, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP