[HTTPS-Everywhere] feedback and request for help

franciscorrigan at aol.com franciscorrigan at aol.com
Wed Jul 7 02:59:54 PDT 2010 

PPS

HTTPS everywhere may also want to arrange for google search results for
the likes of .doc and .pdf files to go via the likes of:

https://docs.google.com/viewer?url=

not sure on the effectiveness of:

https://viewer.zoho.com/docs/cEbcRg
Viewing existing docs OK via https but not uploading new ones via https
for viewing...

I also suggested to ixquick they enable a similar function function via
it's proxy https provision.

Thanks
Frank

----- Original message -----
From: "franciscorrigan at aol.com" <franciscorrigan at aol.com>
To: "Peter Eckersley" <pde at eff.org>
Cc: https-everywhere at eff.org
Date: Fri, 18 Jun 2010 21:22:27 +0100
Subject: Re: feedback and request for help

Dear Peter,

Thanks for you comments,

It would be good if adjacent to google search results an embedded url
could be provided to the https://www.startpage.com ssl proxy of the page
result..? FF add-ons like OptimizeGoogle inject additional urls into
google search engine results, so this suggestion it may be possible.

For google cache I think only redirections should be made to the ssl
text version, as redirecting to the standard ssl version gives a
significantly false assumption that all the content is viewed over ssl,
all other content is viewed as if the page was being viewed direct.

The useful thing about the https://www.startpage.com (aka ixquick) ssl
proxy, is that it is possible to view all the internal links of a page
via the proxy, acting like a sort of free to access vpn, which is far
superior to google over ssl, but google dominance means it may only gain
ground with a minority of search users. Although I note Tor auto
redirects google to ixquick when the dreaded captcha thingy pops along.

I would suggest to eff/tor that maybe it create a separate FF add-on
that just enables google cache to be redirected to the text version and
this is enabled by inserting a specific url into the google search
results. If I had the skills I would create such an add-on.

In your next update can I suggest adding a redirection to the https
version of fastmail.fm, which is a very popular email service.

On a broader note, it would be useful if an equivalent of the Torbutton
was created, to create a common browser fingerprint when using the web
when Torbutton is disabled.

Frank


----- Original message -----
From: "Peter Eckersley" <pde at eff.org>
To: "franciscorrigan at aol.com" <franciscorrigan at aol.com>
Cc: https-everywhere at eff.org
Date: Fri, 18 Jun 2010 09:30:38 -0700
Subject: Re: feedback and request for help

Hi Francis,

Thanks for these suggestions.  We hadn't noticed that Google Cache
worked over
HTTPS -- that's particularly awesome!  We'll be sure to include that in
an
autoupdate in the near future.  Possibly with an option that rewrites
all
cache links to "text only" too (the problem with that is that if we do
it using
our current framework, it'll be impossible to get to the version that
isn't
text-only).

A tool bar menu would be nice, but is a bit further down our todo list.
Patches are always welcome ;).

On Fri, Jun 18, 2010 at 12:35:17PM +0100, franciscorrigan at aol.com wrote:
> Just given your new FF extension a whirl and it seems an excellent
> addition to privacy enhancement. 
> 
> It terms of feedback I suggest:
> 
> Making preferences accessible via the bottom of the browser window, or
> via an icon on the tool bar.
> 
> Google cache via https?
> -------------
> 
> Plus can I suggest that a rule set be added, I have had a go at doing it
> myself but it is too difficult.
> 
> To be specific, it is possible to view caches of websites via google,
> but this only encrypts the text and I think many users won't realise
> that everything else is non https, to view a cache of the page via https
> one has to click on the text only version, but this can only be done
> when viewing the cache version that sends everything except text via
> https.
> 
> As an example:
> 
> [1] EPIC via httpS (with the S being added manually!)
> https://webcache.googleusercontent.com/search?q=cache:65fc8OEIZG0J:epic.org/+&cd=1&hl=en&ct=clnk
> 
> [2] When viewed as text only the url changes to:
> https://webcache.googleusercontent.com/search?q=cache:7W6uvuNCH14J:www.eff.org/&hl=en&strip=1
> 
> The key difference between 1 and 2 is the characters added at the end of
> the url for:
> 
> [1] it is : &ct=clnk
> 
> [2] &strip=1
> 
> So to view a url like:
> 
> http://webcache.googleusercontent.com/search?q=cache:65fc8OEIZG0J:epic.org/+&cd=1&hl=en&ct=clnk
> 
> I have to added S after https and replace '&ct=clnk' with  &strip=1 to
> get:
> 
> https://webcache.googleusercontent.com/search?q=cache:65fc8OEIZG0J:epic.org/+&cd=1&hl=en&strip=1
> 
> Article like this given a false impression about google https cache:
> http://www.renjusblog.com/2010/05/access-blocked-websites-with-https.html
> 
> Of course I could use the proxy service of ixquick, but It would be nice
> to have google cache TEXT version accessible automatically via
> https-everywhere.
> 
> On final note it might be handy to develop subscription lists to enable
> https, in ways similar to AdBlockPlus.
> 
> Thanks
> Frank

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the HTTPS-everywhere mailing list