Hosts: HTTPS for HOSTS files

Created on 27 Jul 2018 · 8 Comments · Source: StevenBlack/hosts

Hello.

It seems that your HOSTS files on the Non Github mirror can only be retrieved via the HTTP protocol.
Please make it possible to receive these HOSTS files using the HTTPS protocol also. This is very important for safety. An attacker can replace a HOSTS file, in which there will be a redirection of banking websites, e-mail websites, other websites to phishing websites.

Thank you.

enhancement

All 8 comments

Just to simplify the ticket, he's asking to please enable HTTPS on the web server hosting "sbc.io", as an attacker could potentially hijack the HTTP connection and replace the hosts list being provided by the mirror with a malicious version.

@oqbnaslyxt if you can't use the Github links which are HTTPS, you might want to try jsDelivr. It's a CDN that you can use for any content hosted on Github. I've updated the chart below to use jsDelivr links instead. I have no idea if this website works with Hostsman. Although this is HTTPS, it leads to another question of trust. This is content going through a 3rd party, where "sbc.io" is Steven's own website.

Host file recipe | Readme | Raw hosts | Unique domains | Non Github mirror
---------------- |:------:|:---------:|:--------------:|:-------------:
Unified hosts = (adware + malware) | Readme | link | 60,564 | link
Unified hosts + fakenews | Readme | link | 61,233 | link
Unified hosts + gambling | Readme | link | 62,182 | link
Unified hosts + porn | Readme | link | 70,642 | link
Unified hosts + social | Readme | link | 61,722 | link
Unified hosts + fakenews + gambling | Readme | link | 62,851 | link
Unified hosts + fakenews + porn | Readme | link | 71,311 | link
Unified hosts + fakenews + social | Readme | link | 62,391 | link
Unified hosts + gambling + porn | Readme | link | 72,260 | link
Unified hosts + gambling + social | Readme | link | 63,340 | link
Unified hosts + porn + social | Readme | link | 71,799 | link
Unified hosts + fakenews + gambling + porn | Readme | link | 72,929 | link
Unified hosts + fakenews + gambling + social | Readme | link | 64,009 | link
Unified hosts + fakenews + porn + social | Readme | link | 72,468 | link
Unified hosts + gambling + porn + social | Readme | link | 73,417 | link
Unified hosts + fakenews + gambling + porn + social | Readme | link | 74,086 | link

Let's be honest, it's about time @StevenBlack gets with the HTTPS age anyway 😂 Chrome is going to start automatically blocking non HTTPS queries soon by default!

Just teasing, but the last part is true :P

HostsMan does not currently support HTTPS. I already wrote about this in their support. I hope that they will soon fix it.

In the meantime, I work around this problem with the wget.exe utility. It periodically downloads HOSTS files over HTTPS to a local disk, and HostsMan takes these files from the local disk.
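
Added example, not part of the original thread: when a hosts file is staged on local disk before a tool such as HostsMan imports it, the staged copy can be checked for the tampering this issue describes, namely entries that map a name to a real address instead of a sinkhole. The sinkhole set, the local-name allowlist and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Addresses a blocklist may legitimately point a blocked name at (assumption).
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that normally carry real local addresses (assumption; adjust per OS).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def suspicious_entries(hosts_text):
    """Return (line_no, address, hostname) for every mapping that would
    redirect a name to a real address instead of a sinkhole."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            # Normalise spelling ("::0001" == "::1") and drop any IPv6 zone id.
            normalised = str(ipaddress.ip_address(address.split("%", 1)[0]))
        except ValueError:
            findings.append((line_no, address, "<unparseable address>"))
            continue
        if normalised in SINKHOLES:
            continue
        for name in names:
            if name.lower() not in LOCAL_NAMES:
                findings.append((line_no, normalised, name))
    return findings


# Constructed sample: line 6 is the kind of redirect an attacker would inject.
SAMPLE = """\
# constructed sample, not a real list
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org  # inline comment
203.0.113.10 bank.example.com
not-an-ip mail.example.com
"""

if __name__ == "__main__":
    for line_no, address, name in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {address}")
```

A non-empty result is a reason to keep the previous hosts file in place and inspect the download before importing it.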

The "github.io" can serve HTTPS files without a problem since it was designed specifically to be the front-end Web service for user Web content. It doesn't have the issues that files served from "raw.githubusercontent.com" have, as that domain does not specialize specifically in serving Web content and has certain restrictions and limitations in place.

That being said, we have talked about the implementation of GitHub pages for this repo in the past and @StevenBlack has shown positive interest in implementing something in the future, but understandably setting up yet another website for the statically served GitHub pages is not an immediate priority given all the other options out there at the moment and the time it takes for website design considerations, etc., etc.

If you really want to download the hosts files directly from GitHub over HTTPS, you can download any of the files hosted on my GitHub pages:

For the standard hosts file format:
https://scripttiger.github.io/hosts-packages/

For various other formats for use with server blacklists, gateway routers, etc.:
https://scripttiger.github.io/alts/

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

We will do this... Please disregard Stale Bot.

@StevenBlack I believe this is sort of a duplicate of #878?
