When I click links in lemmy comments that explicitly include http in the url, the resulting page is always https. To me, the preferred behavior would be to default to https if no protocol is specified, but to respect the user’s preference if given.
Most of the time, there is no downside to changing to https, but some sites will result in an error if they don’t properly support https (I’ve encountered this when incorrectly typing a url before, but as it was not recent I don’t recall the details), and in rare cases the same domain name may serve different content on http vs https, making the ability to specify when linking desirable.
For example, http://xkcdsw.com is an archive of fan-edited comics, while https://xkcdsw.com is some kind of crypto site. While obviously that’s dodgy on the site end, it’s also strange to be completely unable to link the former without telling people to manually remove the s.
Is this redirecting happening on the app level, or the instance level, or something else? It’s not unique to me, as I was first alerted to it by replies that were confused at my links not going where I said they went.
Edit: to be clear, my question is whether Jerboa changes all http links to https links and if so why. The two responses so far do not address this question. If you wish to instead focus on whether the links I provided as an example work the way I claimed, then at least visit them first (using a browser for the http, as jerboa may change the url). If you wish to explain to me what a protocol is, first note that I already referred to the concept by name in my original post. However, my question is what is causing http links to be opened as https links.
Edit 2: when this post was about 6 hours old, xkcdsw fixed its weird configuration (I talked with two9a about it over mastodon). So that example no longer applies, but if interested there are comments below confirming that it wasn’t just me.
The letters are the front are the protocol you’re accessing the site through. http is for unencrypted webpages and https is for encrypted web pages.
For a webpage to be encrypted they need a certificate from a certificate authority which verifies the person who asks for the certificate actually runs the server they want the certificate for. The page you link doesn’t have a certificate and so the web page cannot be accessed with https. Your browser should tell you a secure connection could not be made with the server. That’s what it does for me.
If you’re getting a different page you probably have a virus which is serving fake certificates to your browser and redirecting your traffic to a scam server. You probably shouldn’t be typing passwords into your browser until you fix that.