[HTTPS-E Rulesets] https://maps.google.com/
Seth David Schoen
schoen at eff.org
Wed Apr 27 12:00:58 PDT 2011
I had long thought that Google Maps was not available in HTTPS,
but someone has sent us a patch to add support for it. It is
definitely no longer a redirect to http.
I just tried https://maps.google.com/ and got a lot of mixed
content, with multiple TLS and non-TLS connections to Google's
servers. When I used a packet sniffer I saw that there was a
distinct difference between the http and https versions: the
placenames that I searched for appear in the pcap files in
plaintext with the http version and not with the https version.
This sounds like a good argument in itself for trying to add
the https version now, but I'm wondering if anyone has done any
more testing of the HTTPS maps site. Does anything break? Is
it horribly slow? Are the security gains real or is the same
data leaked in a different form in some of the unencrypted
requests? (Are the map tiles themselves coming in the clear
or over TLS?)
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-Everywhere-Rules
mailing list