I've only just noticed that whatever address I go to for example amazon.co.uk the browser Chromium or Firefox always precedes it with https:// and not plain old http://

Recently I started using a laptop with a new install Linux Mint 19.2 and this tries to log on to my router unless I specifically add https:// to the address I'm going to.

Never seen this behaviour before - presumably it's browser setting?

Can someone explain this please? Okay I understand https is encrypted I just hadn't noticed this was how my browser accesses every page I go to!

Are you sure it's every page? There's an increasing number of websites that are securing their connections, requiring https, but probably not every site, yet.
A brief search returned an article stating that "half the web is encrypted," so your odds of finding a pages that's not are getting slimmer every day.

It's not a "browser setting" -- it's controlled by the web site you're addressing. I find it best to just enter the domain name, absent the protocol (https:// part), and let the site I'm visiting set that.

There's a firefox plugin that uses https wherever the website allows it. Maybe you have that installed.

I have noticed this myself on the most recent FF versions.
Essentially, what used to be "HTTPS Everywhere" addon functionality, is now baked right into the browser (and apparently enabled by default).
This has also been paired with the inability to add a permanent security exception for sites with "untrusted" certificates.

Hmm. I'm not seeing that HTTPS everywhere functionality. In fact, the link in the OP's signature is an unsecured site that works just fine for me (FF 69.0.2)

I also have a couple of sites where have added a permanent security exception, although I may have done that in an earlier version. (They are Webmin installs on internal 'puters, including this desktop). There is an option to remove the exception, but I've not done that in case you're right about not being able to add it. What is kind of obtuse is getting to that information for a site: Try clicking on the i-in-a-circle in the address space and see if that gives you the ability to add an exception.
I'm just guessing, tho...

It's not you or your browser. The websites (yes, all of them) are set up, server-side, to redirect you to the HTTPS URLs.

2 members found this post helpful.

Well, that makes sense, and I also thought surely not every web page is now encrypted.

This only came about because I was trying a live Mint 19.2 on a new (to me) laptop (Lenovo ThinkPad X201), wired connection, and when I fired up Firefox it only showed my router ip address - no def

If I typed in www.amazon.co.uk it did the same, but if i explicitly typed https://amazon.co.uk it was good, no problem.

So that's how I found the 'problem' - from a live Mint 19.2 64 bit install, no home page set - it used to be something like this https://www.linuxmint.com/start/

Anyway - I'll go for a full install and see what happens

Ahh. I always set the home page of a new FF install to DDG, so I don't see the "default"

DDG - DuckDuckGo?

I too set a bunch of home pages, but I hadn't installed Mint yet, just testing a few live distro's before deciding which to go with - Mint 19.2 is in the lead at the mo!

Cheers

Yes. Sorry. I got lazy.

I was slightly wrong - I actually remember the exact problem now:

• firstly, I'm not on ESR, but this started around v68.
• it has something to do with site preferences: once you visited a site's https version it won't let you go to the http version, even if you explicitely type that in: http://some.site
• until you delete the "Site Data" for that site, then you can visit the http version

100% reproducible on my setup - of course only for sites that don't automatically redirect to https anyhow.

1 members found this post helpful.

I've become a fan of Brave browser - among many things you can set it to force loading https if the site does not do it automatically:
From what I've gathered, is this not now the "safe" way to visit sites?

Yes it is the safe way (encrypted transmission between the client and the server), but I don't think the client/browser can force the https connection...it must be supported by the server and the server must present a valid security certificate before it can be used.

Which is not to say that the browser, or an add-on, can't be configured to always try https...

1 members found this post helpful.

From what Brave browser has said, I think this function will actually prevent a connection without https.
Not sure about this, but I'm shutting one eye and pretending it's true till I see otherwise.

Could be. Preventing is not the same as “force loading of https...”