[HTTPS-Everywhere] HTTPS Everywhere for Chromium
Mike Perry
mikeperry at fscked.org
Thu Dec 9 00:04:20 PST 2010
Thus spake Adam Langley (agl at imperialviolet.org):
> Actually, having chatted with the extensions guys, it seems that their
> plan is to support a Firefox like, synchronous API. I actually
> disagree with this for the reasons above, but it would serve to
> support HTTPS Everywhere.
Hey Adam. I think you can blame me for this. I've been pushing hard
for this because it will be useful for a ton of security and privacy
enhancing addons. I document all the different things that these
addons will require out of chromium APIs in this blog post:
https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting
It is focused on Torbutton, but it also touches on API properties
needed by all security+privacy enhancing addons (including HTTPS
Everywhere, anti-fingerprinting addons, and content filters like
FlashBlock, AdBlock Plus, and an analogue to Microsoft's
Anti-Behavioral filters in IE9).
In my review of the WebRequest API, I also describe a method where
synchronous versions of 3 of the WebRequest APIs could be provided in
a blocking fashion, yet still bound the number of RTTs to the extension
processes to 1 in the last four paragraphs of this post:
https://groups.google.com/a/chromium.org/group/chromium-extensions/browse_thread/thread/17ea6efa15bfea0a
Additionally, the 3 WebRequest APIs in question all have filtering
mechanisms that allow extensions to register regular expressions that
govern if they are even called in the first place. This should reduce
the number of 1xRTT calls that are even made.
I believe providing this functionality is going to enable a
significantly more diverse set of extensions than providing a
declarative filter model.. It will be very hard to design a filter
model agile enough to cover all of the use cases of security enhancing
addons.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101209/61841aa8/attachment.sig>
More information about the HTTPS-everywhere
mailing list