[HTTPS-E Rulesets] False positives in GitHub issue 849, e.g. bit.ly vanity domains
Christopher Liu
cliu3random3stuff at openmailbox.org
Sun Jan 4 21:18:25 PST 2015
To whom it may concern:

First of all, sorry for emailing the list just because I am not yet a
registered GitHub user. I hope this is at least the right list, since the
issue in question ( https://github.com/EFForg/https-everywhere/issues/849 )
is primarily about rulesets. The comment about batch-disabling rulesets gave
me some sense of urgency ...

The problem is that the script that generated the listing seems to have
parsed only the targets of each ruleset, without any understanding of
cross-domain rewrites.

In particular, every domain in the "bit.ly vanity domains" ruleset
(Bit.ly_vanity_domains.xml) is a false positive; the custom domains don't
listen for https as-is, but it's still true that they're generally
rewritable to bit.ly.

There may be other unrelated false positives, but detecting them
intelligently is beyond the scope of this email.

As usual, thank you very much, and sorry for any inconvenience.

Christopher Liu (from new email address)
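
The distinction described in the message above, as an added example that is not part of the original e-mail and is not the script used for issue 849: a checker that applies each ruleset's rules to its targets and reports the host that actually has to answer on HTTPS. The ruleset and its `vanity.example` domains are constructed placeholders, and the sketch assumes `from` patterns simple enough to be valid Python regexes.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample in the HTTPS Everywhere ruleset format; the domains are
# placeholders, not the contents of Bit.ly_vanity_domains.xml.
SAMPLE_RULESET = r"""
<ruleset name="Constructed vanity domains">
  <target host="go.vanity.example" />
  <target host="news.vanity.example" />
  <target host="secure.vanity.example" />
  <rule from="^http://(go|news)\.vanity\.example/" to="https://bit.ly/" />
  <rule from="^http://secure\.vanity\.example/" to="https://secure.vanity.example/" />
</ruleset>
"""

def js_to_py_replacement(to):
    """Convert JavaScript-style $1 backreferences to Python's \\g<1> form."""
    return re.sub(r"\$(\d)", r"\\g<\1>", to)

def effective_hosts(ruleset_xml):
    """Map each target host to the host its http:// root URL is rewritten to.

    None means no rule matched, so the ruleset never upgrades that target.
    Wildcard targets are skipped because they name no single URL to test.
    """
    root = ET.fromstring(ruleset_xml)
    rules = [(re.compile(r.get("from")), js_to_py_replacement(r.get("to")))
             for r in root.findall("rule")]
    result = {}
    for target in root.findall("target"):
        host = target.get("host")
        if "*" in host:
            continue
        url = "http://%s/" % host
        result[host] = None
        for pattern, repl in rules:  # first matching rule wins
            new_url, n = pattern.subn(repl, url, count=1)
            if n:
                result[host] = urlsplit(new_url).hostname
                break
    return result

def hosts_to_probe(ruleset_xml):
    """Hosts that must listen on HTTPS for the ruleset to work."""
    return sorted({h for h in effective_hosts(ruleset_xml).values() if h})
```

Probing the targets directly would flag `go.vanity.example` and `news.vanity.example` as broken, while probing the rewritten hosts tests `bit.ly` instead.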