HTTPS Everywhere?

[Retired]

Some time ago, an article was posted here on Psychlinks advising that the shortcut to launch Google Chrome browser be modified to add the following syntax, leaving a space after chrome.exe -ssl-version-min=tls1

I can't recall the reason for doing this and if the instruction is still relevant, but another similar security strategy has emerged that I'd like to learn more about and get feedback on.

Please see:

HTTPS Everywhere | Electronic Frontier Foundation

HTTPS... Everywhere! - Malwarebytes Labs | Malwarebytes Labs

HTTPS Everywhere - Chrome Web Store

What's the significance of HTTPS Everywhere?

What about the syntax added to the Chrome launch shortcut?

 

[David Baxter PhD]

I'm afraid I don't know what the flags in the chrome.exe shortcut are supposed to do and I can't find any information on it.

As for HTTPS Everywhere, as far as I can tell that is a way to force your connections to sites from http:// to https:// - if https:// is implemented properly, that should be automatic, and if the site in question has not yet switched over to https:// as far as I know that will generate a misconfiguration error, so I don't know what the point is - especially since most modern browsers are pretty blatant about providing warnings of sites or pages are insecure.

It seems to me that has more to do with paranoia, unless the person is engaging in activities on the net they need to hide for some reason. Additionally, I see some warnings about HTTPS Everywhere causing problems on some computers.

If you need an ultra secure connection, you might be better off installing a VPN (Virtual Private Network).

 

[David Baxter PhD]

I did find these links to information on various flags available for Chrome (what you posted above is basically a command line execute command with a few flags after it).

You can bring up a page in Chrome that shows you several flags you can enable or disable to customize or improve your personal browser experience. These can be set/enabled without the need for command line flags. Just enter this in the Chrome address bar: http://chrome:flags

Flags and Plugins - Chrome OS Wiki

7 Chrome Flags You Should Enable for a Better Browsing Experience - Make Tech Easier

Most useful Google Chrome Flag settings for Windows users

16 Hidden Chrome Settings Worth Tweaking

Chrome Flags: A Complete Guide To Enhance Web Browsing

How to find and enable Chrome flags - Business Insider

Run Chromium with flags - The Chromium Projects

 

[Retired]

Here is the original post I referred to earlier regarding the syntax added to the shortcut: Protecting yourself from POODLE attacks on SSL 3.0 | Psychlinks

No, I don't need an ultra secure VPN for the work I do...:hide:, so there doesn't seem to be any additional security benefit for https everywhere

A friend asked me about it today, so I was looking for more info.

I'll point him to this discussion.

 

[David Baxter PhD]

Here is the original post I referred to earlier regarding the syntax added to the shortcut: Protecting yourself from POODLE attacks on SSL 3.0 | Psychlinks

Oh I think that's outdated now. But that makes sense since it looked to me like your chrome flags were trying to force a secure connection via TLS rather than SSL 3.0. Most servers today will do that automatically.