[HTTPS-Everywhere] Feedback on HTTPS Everywhere

Vegan vegan at riseup.net
Sat Sep 18 07:42:23 PDT 2010 

EFF HTTPS EVERYWHERE Firefox XPI Plug-in Performance using FACEBOOK!

 

FEEDBACK

After downloading from the EFF website and having installed the Firefox XPI Plug-in called “HTTPS Everywhere” version 0.2.2 in the Firefox version 3.6.10, running on a Windows XP Pro SP3 operating system the following condition was experienced.

 

When I select the option from the HTTPS EVERYWHERE application to use SSL on FACEBOOK, it does NOT redirect the “active web content” that Facebook makes use of. In fact, there is NO warning in Firefox, that “active web content” isn’t using SSL on a SSL encrypted website, unlike Microsoft Internet Explorer, tested in v6 and v7, which does pop up a security warning asking the browser user if they want to display non secure items!

 

2010 09 18 0010.jpg

 

So is the EFF HTTPS EVERYWHERE Firefox Plug-in looking like a big bank vault for customers (Firefox users) with a gapping hole in the back side? 

 

Sure enough, when one checks the “html code” on the Facebook web pages, there is plenty of non secure URL’s and non secure active web content! 

 

2010 09 18 0032.jpg

 

An additional issue when using the EFF HTTPS Everywhere was when attempting to view any FACEBOOK photo album, which either doesn’t display completely or takes a rather long time to display all of the photos (thumbnail views) with additional F5 webpage refreshes required. 

 

Just for the sake of testing, I tried using Facebook on different PC’s by switching between “http” and “https” to see what happens. In all cases, when Facebook was using SSL it had problems displaying photos, whereas non secure “http” was blazing fast, without needing the web page to be refreshed. 

 

How does using SSL prevent loading (displaying) photos that are sent encrypted using SSL? I’m NOT a web designer, just take a look here below…

 

2010 09 18 0033.jpg

 

As you see in the picture above inline, it shows some of the SSL traffic, showing those photos to be encrypted, so why does using SSL only on Facebook, delay and prevent (missing) photos from displaying. Let, me make this more clear, in that some of the photos begin to load and display on the Facebook photo album webpage, but many do NOT and some take a very long time, from seconds to minutes, to half an hour, just for thumbnails to appear! Even when refreshing the web page, which helps to display more photos, it still acts like something freezes for the behavior of using SSL with Facebook. 

 

As soon as SSL isn’t used, then those same thumbnail photos load and display almost instantly, even a hundred of them at a time. So somehow those photos are loaded in a manner that the active web content which isn’t SSL traffic produces a delay? I don’t understand, but the PC is working good, other websites don’t have this issue, when using SSL traffic. The same problem happens on multiple different computers regarding FACEBOOK when using the SSL method. So it’s NOT an issue with the PC, or the operating system, not the browsers, as different ones were used on different computers and all demonstrated the same repeating issue no matter. 

 

How to secure Facebook? So that Facebook is using full SSL/TLS using 256 bit in Firefox, including active web content? When does a social website for which millions are using, get serious with privacy security? 

 

Thanks for reading!

 

Sincerely,

V

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20100918/7e1218a4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 40194 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20100918/7e1218a4/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 424328 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20100918/7e1218a4/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 273771 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20100918/7e1218a4/attachment-0002.jpg>

More information about the HTTPS-everywhere mailing list