[HTTPS-E Rulesets] reddit.com wants EFF to disable HTTPS???
Victor Garin
vic.garin at gmail.com
Sat Aug 6 23:20:47 PDT 2011
**** Please copy replies to https-everywhere-rules at eff.org,
https-everywhere at eff.org, tor-talk at lists.torproject.org ****
Neil, can you please post to the Rules Mailing List next time, i.e.
https-everywhere-rules at eff.org...I almost missed this because it was
not copied to the Rules Set's mailing list which I frequent...
pay.reddit.com works fine for me....
www.reddit.com == pay.reddit.com same content in HTTPS.
Can you also point out where exactly (which URL) there is a bug when
the current ruleset is used?
I don't see it. Which URLs so we can exclude them specifically.
This is what the extension does. It redirected for example:
en.wikipedia.org to secure.wikimedia.org
The reasons for using HTTPS are many including to prevent snooping on
the TOR Network.
Am I misreading something, or Peter are you planning to disable Reddit
just because someone says so?
This is a slippery slope...Next thing you know all websites will want out...
Removing/Disabling the whole site (when it is working) goes against
all the principles that EFF stands for. Unless it doesn't work it
should not be removed.
On Sat Aug 6 15:18:45 PDT 2011, Peter Eckersley wrote:
Hi Neil,
Thanks for the bug report! We'll push an update shortly to disable the Reddit
ruleset for the time being. Let us know when Reddit has HTTPS for real.
(As an aside, a contributor submitted a more radical proposed ruleset for
Reddit.com to our git master repository. We have not shipped it and
won't do so unless you ask us to:
https://gitweb.torproject.org/https-everywhere.git/blob/72056be0dcf2d74e23fac9feff798e1bb841b670:/src/chrome/content/rules/Reddit.xml
)
On Fri, Aug 05, 2011 at 12:31:22PM -0700, Neil Williams wrote:
> Hi there,
>
> We noticed that you added reddit to the HTTPS Everywhere extension
> using pay.reddit.com. This is causing a lot of issues for users
> because our certificates aren't set up for general purpose use (Akamai
> issues etc.). We don't support HTTPS at the moment for anywhere on the
> site except the self-serve advertising purchase pages. I love your
> extension and we will be upgrading reddit to fully support HTTPS, but
> that's not the case right now :( Is there anything you can do to stop
> them from using pay.reddit.com from your extension?
>
> Thanks,
> Neil
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
--
Peter Eckersley pde at eff.org
Senior Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-Everywhere-Rules
mailing list