You really consider that after the “Firesheep” extension with the HTTPS Connection Flaw drama in Febr. last year? Just think again.
You need the full shield detection of avast on normal http connections allways.
With https you loose that additional protection.
I know our forum friend, DavidR, did advise against this forcing of HTTPS-connections on several occasions and in several of his postings. I have to agree with his opinion… Not all browsers will tell you when https is in part insecure, and not all browsers then block the insecure javascript.
re: http://techie-buzz.com/browsers/google-chrome-blocks-insecure-scripts.html (link article author = Keith Dsouza)
I would not like to run the additional risks, but that is just my personal opinion,
I would install the Ghostery plug-in with all the new total blocking options and enable bug blocking there, re: http://www.ghostery.com/
I need Facebook as I use it to keep up with many friends and my daughter that live far away from me and I like to see the pictures she posts of my grandson.
I do use https to connect to Facebook plus I have other Facebook security settings VERY HIGH.
The Google Analytics tracking code is now the same for both secure and non-secure websites.
So privacy wise it does not make any difference. Better to use a combination of extensions like NoScript and RequestPolcicy. Here I have to agree with DavidR. Then the rendering of javascript code differs as per browser, a comma transition in the code for GoogleChrome gives an undefined error for instance. There is also browser dependant malware and we want avast on the ball all of the time all the time,
Oh… I didn’t know that about Google Analytics! Thank you for informing me (anyway, NoScript and ABP blocks it… :D)
Of course I use NoScript in my Firefox (which is up-to-date) to keep my browser and computer secure. I also have FlashBlock, AdBlock Plus (with its Pop-Up extension) and NoRedirect intalled.
I tried out RequestPolicy once, but it blocked everything, and I thought I don’t really need it, because I always scan unknown websites with Sucuri, Virustotal and URLVoid. I also use OA.
The problem is you don’t know what other web sites the one you are visiting connects to (so you can’t physically check them all) as for the most part you only find out about the connections to third party sites (regarding cross site scripting) using something like RequestPolicy or check the page source code, by which time it is too late.
Remember that the website owner also has a responsibilty towards the visitor of his site.
Sensitive information stays secure when everything om the site is encrypted. Changing plugin configurations, updating passwords, these data should always be encrypted and are not so by default. And when on a mixed content site you better should know that SSL/Non-SLL links issues were fixed.
For instance run fiddler under your browser session and grow aware to what goes on over the wire under the hood inside your browser while you are clicking away,