“When users use a private window in Firefox, the connection to the requested domain will now default to HTTPS even if a user manually enters the HTTP protocol” zdnet.com/article/firefo…
Firefox 91 in private mode after attempting to load a site over the insecure scheme that refuses to do HTTPS. Welcome to the future, I like this 😊 
Note that you can still access the site - nobody has killed HTTP here - you're just warned about there not being a secure connection. You can still decide to load it and take the chance.
Responses along the lines of "but I'm the master and if I tell the browser to load a page over HTTP then I damn well expect to be insecure" are *really* short-sighted. Here's why:
There are over 4 billion people on the internet. With the exception of those holding this view (and there's a sub-1% number of you), everyone who types in a URL - including the scheme - just wants to load the page. They don't think twice about TLS.
If they type in "http://[url]" it's not because they're consciously thinking "gee I'd like to load a site without without needing a valid cert", it'd because they're thinking "just give me the damn website". Defaulting to HTTPS is just one more way of protecting the masses.
If you're in that sub-1% of people and you'd like to be able to force insecure requests, then just disable the feature. It'll take you 1 minute and your inconvenience is worth it in order to better protect the other 99%+ of people.
And no, you don't get prompted when loading local IP addresses, the content loads immediately and you just get the "connection is not secure" icon. That's because the connection is not secure.
So in short, this view held be some that the browser should blindly follow everything asked of it is non-sensical when viewed in the broader context of who it's made for. If you don't like it, go and use... well... they're all heading this direction so good luck with that!
• • •
Missing some Tweet in this thread? You can try to
force a refresh
