[HTTPS-E Rulesets] Rule suggestion: events.ccc.de

Seth David Schoen schoen at eff.org
Sun Jan 22 13:25:13 PST 2012


The Doctor writes:

> Not everybody is okay with other users on their network seeing what
> panels they're considering going to or videos they're watching.  Or
> even that they go to ccc.de from time to time.
> 
> <ruleset name="Events.ccc">
>   <target host="events.ccc.de"/>
>   <rule from="^http://(www\.)?events\.ccc\.de/"
>         to="https://events.ccc.de/"/>
> </ruleset>

Hi,

Thanks for the rule!  We already have a rule that covers events.ccc.de,
but it's turned off by default because CCC uses CAcert, generating an
error in Firefox by default.

Also, HTTPS Everywhere can't stop eavesdroppers from learning that
someone went to ccc.de.  The eavesdropper will see the user make a DNS
request and receive a response for IN A events.ccc.de, and then make a
TCP connection to 85.214.111.134:443, and then start to set up a TLS
session.

We need other protocols (or anonymity networks like Tor) in order to
successfully prevent eavesdroppers from knowing the names of sites
that HTTPS Everywhere users visit.  HTTPS is not going to do it.

An interesting paradox of centralization and decentralization is that
using extremely popular, extremely centralized services like Gmail,
Twitter, Flickr, or even Facebook over HTTPS is very good for privacy
against a passive eavesdropper (because the fact that someone uses that
service is not very unusual or interesting, and doesn't reveal much
about whom they're communicating with).  However, it's much worse for
privacy against someone with the ability to force the centralized
platform operator to turn over data.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107
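
What the passive observer described in the reply above can read, as an added example that is not part of the original message: it parses a cleartext DNS response and uses it to name a later connection to port 443 without decrypting anything. The function names and the response bytes are constructed for illustration; the address is the one quoted in the message.

```python
import socket
import struct

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Read a possibly compressed DNS name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):                  # bound the walk so pointer loops cannot hang us
        n = msg[off]
        if n & 0xC0 == 0xC0:              # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                      # root label terminates the name
            return ".".join(labels), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def names_by_address(response):
    """What an observer reads from a cleartext DNS response: {IPv4 address: name}."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", response[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(response, off)
        off += 4                          # skip QTYPE and QCLASS
    seen = {}
    for _ in range(an):
        name, off = read_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:    # IN A record
            seen[socket.inet_ntoa(response[off:off + 4])] = name
        off += rdlen
    return seen

# Constructed sample: one question, one IN A answer whose name is a pointer to offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("events.ccc.de") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    + socket.inet_aton("85.214.111.134")  # address quoted in the message above
)

def label_flow(dst_ip, dst_port, dns_seen):
    """Name an encrypted flow purely from DNS traffic observed earlier."""
    return dns_seen.get(dst_ip, "unknown"), dst_port
```

Calling `label_flow("85.214.111.134", 443, names_by_address(SAMPLE_RESPONSE))` attaches the site name to the TLS connection even though the rewritten request itself is encrypted.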


