[HTTPS-Everywhere] Reconsider putting HTTPS Everywhere on addons.mozilla.org - Legal opinions and rant

Peter Eckersley pde at eff.org
Fri Aug 12 11:37:40 PDT 2011 

(Removing the -rules list.  Let's not spam everyone).

I'm on the fence at the moment about submitting HTTPS Everywhere 1.x to
addons.mozilla.org

In favour:

 - more people will install the extension
 - the privacy policy there has improved -- log retention there is down from
   "indefinite" to six months

Against:
 
 - the privacy policy is still not as good as eff.org's
 - the lag time for pushing updates into AMO is ~2 weeks, which means that we
   can't fix bugs quickly.  I also keep seeing AMO addons get disabled because
   Mozilla won't let them declare compatibility with future firefox versions
   early enough.
 - there will be a whole extra path to deal with for publishing and managing updates

On Thu, Aug 11, 2011 at 11:20:39PM -0700, Victor Garin wrote:
> **** Forgot to add Tor Talk Mailing list to cc. (they have some good
> people with legal smarts there who may not bother to check our mailing
> lists) --- Please use this thread (subject) for further replies and
> please cc to <tor-talk at lists.torproject.org>,
> <https-everywhere at eff.org>, <https-everywhere-rules at eff.org>,***
> 
> "Q. Why isn't HTTPS Everywhere available for download from
> addons.mozilla.org like most other Firefox add-ons?
> 
> A. We felt that the Mozilla privacy policy that applies to downloads
> from addons.mozilla.org is somewhat less protective than the privacy
> policies of the organizations that develop HTTPS Everywhere, and we
> prefer for HTTPS Everywhere users to be protected by our privacy
> policy. This decision could change in the future as Mozilla's privacy
> practices evolve or as we re-examine the details of the current
> Mozilla policy."
> 
> 
> I want to ask the devs to reconsider putting HTTPS Everywhere on
> addons.mozilla.org.
> 
> A few reasons:
> 
> 1. Trust: Many people trust that add-ons posted on addons.mozilla.org
> has been reviewed by the Mozilla team. I mean people download many
> add-ons from there, including many unknown ones.
> 
> 2. More Users == Less False positives as there is a higher chance of a
> False positive being reported because more sites will be tested. Also
> most people comment on the Add-on page itself, rather than going
> through the hoops of Mailing List or IRC.
> 
> ==========================
> 
> I am not sure exactly how Mozilla privacy policy affects HTTPS
> Everywhere. The Add-on code will be the same no? Or is it that the
> developers and or ruleset contributors could be held liable for
> submitting rules? I was thinking laws regarding, unauthorized use of
> computer network or equipment? It is in the Criminal Code in Canada
> which means Extradition to the US, per the Mutual legal assistance
> treaty, which happens when both countries consider a crime to be a
> crime, even if the minimum sentence is less in one country. Oh and the
> Extradition process in Canada is just a Rubber Stamp process. I looked
> up the Court Records, 99.9% of the accused were extradited (or
> committed in legal speak). They don't evaluate the merit of the
> evidence, basically it is Guilty until proven Innocent by a court of a
> foreign jurisdiction, with a cruel and unusual punishment of being
> deported to another country for the trial. Well if that isn't enough,
> we have Internet Surveillance and warrantless wiretapping legislation
> coming soon as part of our Conservative Government's Crime and
> Punishment agenda. Hell, they did not even keep it a secret during the
> May election, and they won a majority in the Parliament, see:
> https://secure.wikimedia.org/wikipedia/en/wiki/Canadian_federal_election,_2011#Internet_surveillance_and_warrant-less_wiretapping
> 
> Damn! I should have used TOR when I submitted all those rulesets for
> the last few months....
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the HTTPS-everywhere mailing list