[HTTPS-E Rulesets] Fwd: https-everywhere breaks video tracking and transcript scrolling on khanacademy.org
Seth David Schoen
schoen at eff.org
Thu Sep 6 13:29:54 PDT 2012
Peter Eckersley writes:
> If this is a bug that could be solved by certain tweaks on your end, it
> would be much appreciated, but if that is not the case, it raises a
> concern/feature request that I think would be useful in many circumstances:
> namely, being able to disable HE rules on a per site/domain basis, where
> having certain rules enabled cripples critical site functionality.
>
> At the moment, disabling the ruleset for youtube and google services means
> an inordinate number of sites are affected. Since rulesets can only be
> enabled or disabled universally, it creates a situation where on one hand,
> a site is rendered nonfunctional by having them enabled (the tracking
> metrics are a core function of what khanacademy provides), but I'm missing
> out on the protection HE provides on other sites where having the HE rules
> enabled doesn't degrade the user experience.
This problem has become quite severe, especially with regard to video embeds.
I think we need to have direct discussions with some of the site operators
to understand the reasons why and what can be done about it. We are looking
at the possibility of having particular rules not apply in particular contexts,
but that poses its own problems.
Perhaps we can get the developers of the sites that the videos are embedded
from to provide guidance to us and to their downstream developers about the
most secure approach that's available today.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-Everywhere-Rules
mailing list