[HTTPS-Everywhere] Problems with HTTPS Everywhere

Peter Eckersley pde at eff.org
Sun Nov 28 13:53:34 PST 2010 

On Sun, Nov 28, 2010 at 04:44:25PM +0000, Dan Sumption wrote:
> I'm having a few problems with HTTPS everywhere.
> 
> The biggest problems are with Google - HTTPS Everywhere takes me to a
> different Google site from the normal one. Among other things, this
> Google site seems to assume that I am in the USA (links for products &
> shopping all give me $$$ prices and US retailers). Most annoyingly, I
> can find no way to get to Google Images from the encrypted page - on
> normal searches, there is a really handy link to Images from every
> search page (and many search results include images). On the encrypted
> page, however, there is no way to get to the images search unless I
> either can remember & manually type the image search URL, or turn off
> HTTPS Everywhere.

Dan, unfortunately these problems are inherent to Google's current SSL search
service.  Aside from bugging Google to internationalise their encrypted
search, and offer an encrypted version of image search, the only thing I think
we can do is offer an easier way to toggle the Google Search rule quickly,
which we're planning to do with a toolbar menu.

> I've also had a problem with sites such as paper.li which require me
> to sign in via Twitter. When I do this, I'm presented with the
> following error message:
> 
> "Woah there!
> This page is no longer valid. It looks like someone already used the
> token information you provided. Please return to the site that sent
> you to this page and try again … it was probably an honest mistake."
> 
> Of course, "returning to the site and trying again" always results in
> the same error - presumably because the token I've been given is only
> valid for the insecure Twitter site.

Can you send me and John Adams a Live HTTP Headers recording of both the
successful login (with the Twitter rule disabled) and the unsuccessful login
attempt and we'll see if it's something we can fix.  It's better not to send
those to the mailing list.  One possibility is that the loss of a Referrer
header is breaking things, but we'll see.

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the HTTPS-everywhere mailing list