HTTPS and old bookmarks

I’ve been having problems loading BBC News recently, but kind of ignored it until it became serious: my wife started having problems too. Naturally, this kicked me into action and I eventually spotted that our bookmarks for BBC News used http, not https. Once I updated the bookmark, it was fine.

So, I went through my bookmarks and spotted quite a lot of old ones with the http prefix, which I updated.
I could imagine this being the case for a lot of people and I don’t know how important it is. Could this practice of using bookmarks be reducing Internet security for people?

BookMacster has a tool for this (to check and then update all bookmarks to HTTPS), though that doesn’t help the less technically minded that add bookmarks.

However, I think people use bookmarks relatively less now than before - I know a lot of my colleagues just search for websites every time they want them.

Does Chrome not try and babysit you to the https version as well? I know all browsers have upped the ante in terms of warning for non-https sites.

Safari should send you to the https version if it’s available?

In this case it might even enhance the security since it’ll probably result in very visible error messages, and might make people look at where they are going.

Bookmarks in general might make you unaware of the destination, so that might be a problem, especially if the site has been compromised. But that would be the same if you type the URL, is my guess.

This has me wondering… why do we even need to store “http://” or “https://” in bookmarks in the first place?

Yes, I know the technical reality of a URL, but for the sake of a small UI change to allow for ftp:// or whatever else that 0.001% of users might want, surely it could be dispensed with entirely? Just assume https:// and fall back to http:// (or not based on user preference).

Search for HTTPS Everywhere browser plugins from EFF to convert HTTP automatically.

Don’t think they have a plug-in for Safari.

1 Like

The redirection from http to https should be done at the server and be transparent to the user. I’m surprised the BBC doesn’t have that as part of their web configuration.

1 Like
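
Added example, not part of any post in this thread: a sketch of the check-then-update idea raised above (try https first, keep http only where https does not work), applied to a bookmarks file exported from a browser in the Netscape HTML format. The function names, the sample export and its `.example` hosts are assumptions made for illustration.

```python
import http.client
import re
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# HREF="http://..." attributes as written in a Netscape-format bookmarks export.
HREF_RE = re.compile(r'(HREF=")(http://[^"]+)(")', re.IGNORECASE)

# Constructed sample export; the hosts are placeholders, not real bookmarks.
SAMPLE = """<DL><p>
<DT><A HREF="http://news.example/">News</A>
<DT><A HREF="https://mail.example/inbox">Mail</A>
<DT><A HREF="http://legacy.example:80/status?x=1">Legacy</A>
</DL><p>"""

def https_reachable(url, timeout=5):
    """Live probe: True only if the https URL loads and stays on https."""
    try:
        req = urllib.request.Request(url, method="HEAD")
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return urlsplit(resp.geturl()).scheme == "https"
    except (OSError, ValueError, http.client.HTTPException):
        return False  # DNS, TLS or HTTP failure, or a malformed URL

def to_https(url):
    """Swap the scheme; drop an explicit :80, which is the plain-http port."""
    p = urlsplit(url)
    netloc = p.netloc[:-3] if p.netloc.endswith(":80") else p.netloc
    return urlunsplit(("https", netloc, p.path, p.query, p.fragment))

def upgrade_bookmarks(html, probe=https_reachable):
    """Return (new_html, upgraded, left_on_http) for one exported file."""
    upgraded, left = [], []
    def swap(m):
        old, new = m.group(2), to_https(m.group(2))
        if probe(new):
            upgraded.append(old)
            return m.group(1) + new + m.group(3)
        left.append(old)  # keep the working http bookmark and report it
        return m.group(0)
    return HREF_RE.sub(swap, html), upgraded, left

if __name__ == "__main__":
    # Offline demo: a stand-in probe that pretends only news.example has https.
    fake = lambda u: urlsplit(u).hostname == "news.example"
    out, ok, insecure = upgrade_bookmarks(SAMPLE, probe=fake)
    print(out)
    print("upgraded:", ok)
    print("still http:", insecure)
```

Called without a `probe` argument, `upgrade_bookmarks` contacts each site over https; the list of bookmarks left on http is the part worth reviewing by hand.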