
Would add HTTPS Everywhere https://www.eff.org/https-everywhere and NoScript https://noscript.net/ to that list



Does HTTPS Everywhere actually work for you? It's utterly useless for me as far as I can tell. Try going to some site (say, example.net) in Chrome and watch it just load HTTP.


IIRC, you have to enable the "strict" mode, or something along those lines, in the settings before it rejects HTTP connections from being made. I had the same issue.


Thanks, but then what do I do about HTTP-only sites? Why can't it default to HTTPS and then auto-fallback to HTTP when HTTPS connections fail for sites that aren't in the known-HTTPS list? It seems like a logical thing to do instead of just going straight to HTTP.


This only helps you at all against passive adversaries.

An active adversary will just cheerfully block that HTTPS connection because you'll fall back to insecure silently.


I fully understand that, and that's still clearly better than going straight to HTTP, which it's already doing.


HTTPS Everywhere only loads HTTPS on a predefined list of sites. I just use SmartHTTPS on Firefox now.


These are essential. I also add Privacy Badger and uBlock Origin. I choose Firefox over Chrome.


If you have the latest Chrome/Firefox, doesn't that default to HTTPS all the time? Thus making "HTTPS Everywhere" redundant?


HTTPS Everywhere will block a site if it does not have HTTPS available, IIRC. Chrome/Firefox don't do that by default.


You can disable scripts even with uBlock, so I don't understand why people still keep NoScript.


I just use uMatrix. Much easier to manage scripts, cookies and XHRs.



