You have to run the old browsers through a local proxy you configure yourself a lot of times these days if you're really interested in surfing the web with it.

I'm about to go to sleep but there's ones that forward https as http, convert webp and png to gif, strip JavaScript to prevent the browser from locking up, etc.

There's a real world use for this in crazy companies where people are forced on some old browser. This makes them not go down in glorious flames at every site.

When you wake up, I'd love to hear more about this. I've searched for https ==> http proxies before and didn't find much.

I'm aware of https://github.com/tenox7/wrp but converting everything to a gif is quite a bit more destructive!

Not the original commenter, but mitmproxy (https://mitmproxy.org/) can do this out-of-the-box for a single site with its reverse proxy:

    mitmdump --mode=reverse:https://news.ycombinator.com

And then visiting http://localhost:8080 will direct to the site.

There's also a nice (though under-documented) scripting interface, so you could probably write a script that does this for all sites in regular proxy mode. I found an example of this here, though I didn't test it: https://groups.google.com/forum/#!topic/mitmproxy/IAJ0-MHVC0...

back in the day I used RabbIT which handled both the https/http and the png problem but it looks like it hasn't been updated in years. It looks like squid can do the https problem (https://wiki.squid-cache.org/Features/HTTPS).

This actually doesn't looks as easy to do in 2020 as it was in 2009. I also had luck at chaining proxies that did different features as well so one would do a certain transformation and pass it off to another etc.

I've also done partial implementations just using php ... you can preg_replace most things and it more or less works.

But yes I had assumed things had gotten easier but apparently they've actually become more difficult.

While this is useful for people with out of date browsers, a slightly more sophisticated use-case is where you render the entire web page remotely in a sandbox for certain classes of links, eg email links. This prevents a whole class of phishing attacks.

There are companies who will sell this to you but essentially it’s really headless Chrome running in the cloud somewhere.

What's the point of forcing HTTPS? It's a pizza place, not a bank.

It stops Comcast selling your topping preferences to other pizzerias

It stops a man-in-the-middle attacker from trying to exploit your browser/extensions/password manager by injecting code into that site (once the cert is pinned).

It might also help with SEO? Google's been pushing for https everywhere.

encryption works much better when it's setup without discrimination. I mean not the encryption itself; in the end, it's a tool not the aim.