[HTTPS-E Rulesets] Cannot log out from Google - Google Accounts

Peter Eckersley pde at eff.org
Mon Jul 4 23:21:05 PDT 2011


On Sun, Jul 03, 2011 at 04:29:08PM +0300, Osama Khalid wrote:
> 
> Peter, can we have a new release to fix this? I'm afraid it might
> effect people's privacy.
> 

I was camping out in a forest for the past few days, but I've done this now.
Unfortunately, it still takes an hour or two to push a release, so its hard to
depend on them happening quickly :(.

In general the philosophy I've been trying to aim for with HTTPS Everywhere is
to prioritise non-breakage over completeness of coverage, even in the
development branch, on the theory that non-breakage will get us the most
users, and we can gradually work towards completeness from there.  

I therefore think it's especially important to be doubly cautious with changes
to the rulesets for very large sites.  Google is the extreme case, with all
these services that interact with each other and different versions of things
for users in different countries.

I get slightly nervous any time I see a rule that regexps

(www\.)?google((\.com?)?(\.[^/@:][^/@:])?)

and I think we should always try to test those on CCtld versions of the site
before including them.  

It would also be Especially Awesome if we could start developing a test suite
to catch regressions in important HTTPS Everywhere rulesets.  Anyone know much
about selenium?

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993



More information about the HTTPS-Everywhere-Rules mailing list