[HTTPS-Everywhere] Reconsider putting HTTPS Everywhere on addons.mozilla.org - Legal opinions and rant

Victor Garin vic.garin at gmail.com
Sat Aug 13 07:50:07 PDT 2011 

(left out the tor and rules mailing list)

We can always post in the Description or Comments section of AMO regarding
the issues mentioned, i.e. lag time for updates; and that they will get bug
fixes faster by downloading from the developers website.

With regards to the privacy policy, I assume you mean it stores the IP
address of whoever downloads the HTTPS Everywhere add-on?

Can't we put like a disclaimer there: download the Add-on from the
developers website if you do not want to be logged.

Also Mozilla seems to have a good track record, for example:

"Mozilla refuses US request to ban Firefox add-on - Stiff-arms feds over
seized domains" -
http://www.theregister.co.uk/2011/05/05/mozilla_firefox_addon_survives/

The add-on:
https://addons.mozilla.org/en-US/firefox/addon/mafiaafire-redirector/

Response by Mozilla to ICE:
http://www.scribd.com/doc/54218316/Questions-to-Department-of-Homeland-Security-April-19-2011

Come to think of it, publishing the add-on on AMO would be a good way to
raise awareness and/or suggest people to donate to the Tor Project or EFF.

Also I believe after FF 7 every add-on is enabled by default (I saw it is in
the features list somewhere). While at the same time the devs can mark an
add-on compatible to the current Aurora version, right now FF 7.0.

On Fri, Aug 12, 2011 at 2:42 PM, Colonel Graff
<graffatcolmingov at gmail.com>wrote:

> It could have changed. I'm not a amo contributor and it has been quite a
> while since I installed one with that experience, now that I think about it.
> (I also use far fewer extensions now as well.)
> On Aug 12, 2011 5:21 PM, "Maxim Nazarenko" <nz.phone at mail.ru> wrote:
> > Then that might a be a reasonable solution -- no worries with update
> > delay and easier publishing.
> >
> > On 12 August 2011 14:12, Colonel Graff <graffatcolmingov at gmail.com>
> wrote:
> >> I feel fairly certain that I've seen addons ay amo that weren't hosted
> there
> >> but linked from there.
> >>
> >> On Aug 12, 2011 4:09 PM, "Maxim Nazarenko" <nz.phone at mail.ru> wrote:
> >>> Hello,
> >>>
> >>> Is it possible to publish the extension at addons.mozilla.org and make
> >>> it autoupdate from eff.org?
> >>>
> >>> Best regards,
> >>> Maxim Nazarenko
> >>>
> >>> On 12 August 2011 11:37, Peter Eckersley <pde at eff.org> wrote:
> >>>> (Removing the -rules list.  Let's not spam everyone).
> >>>>
> >>>> I'm on the fence at the moment about submitting HTTPS Everywhere 1.x
> to
> >>>> addons.mozilla.org
> >>>>
> >>>> In favour:
> >>>>
> >>>>  - more people will install the extension
> >>>>  - the privacy policy there has improved -- log retention there is
> down
> >>>> from
> >>>>   "indefinite" to six months
> >>>>
> >>>> Against:
> >>>>
> >>>>  - the privacy policy is still not as good as eff.org's
> >>>>  - the lag time for pushing updates into AMO is ~2 weeks, which means
> >>>> that we
> >>>>   can't fix bugs quickly.  I also keep seeing AMO addons get disabled
> >>>> because
> >>>>   Mozilla won't let them declare compatibility with future firefox
> >>>> versions
> >>>>   early enough.
> >>>>  - there will be a whole extra path to deal with for publishing and
> >>>> managing updates
> >>>>
> >>>> On Thu, Aug 11, 2011 at 11:20:39PM -0700, Victor Garin wrote:
> >>>>> **** Forgot to add Tor Talk Mailing list to cc. (they have some good
> >>>>> people with legal smarts there who may not bother to check our
> mailing
> >>>>> lists) --- Please use this thread (subject) for further replies and
> >>>>> please cc to <tor-talk at lists.torproject.org>,
> >>>>> <https-everywhere at eff.org>, <https-everywhere-rules at eff.org>,***
> >>>>>
> >>>>> "Q. Why isn't HTTPS Everywhere available for download from
> >>>>> addons.mozilla.org like most other Firefox add-ons?
> >>>>>
> >>>>> A. We felt that the Mozilla privacy policy that applies to downloads
> >>>>> from addons.mozilla.org is somewhat less protective than the privacy
> >>>>> policies of the organizations that develop HTTPS Everywhere, and we
> >>>>> prefer for HTTPS Everywhere users to be protected by our privacy
> >>>>> policy. This decision could change in the future as Mozilla's privacy
> >>>>> practices evolve or as we re-examine the details of the current
> >>>>> Mozilla policy."
> >>>>>
> >>>>>
> >>>>> I want to ask the devs to reconsider putting HTTPS Everywhere on
> >>>>> addons.mozilla.org.
> >>>>>
> >>>>> A few reasons:
> >>>>>
> >>>>> 1. Trust: Many people trust that add-ons posted on
> addons.mozilla.org
> >>>>> has been reviewed by the Mozilla team. I mean people download many
> >>>>> add-ons from there, including many unknown ones.
> >>>>>
> >>>>> 2. More Users == Less False positives as there is a higher chance of
> a
> >>>>> False positive being reported because more sites will be tested. Also
> >>>>> most people comment on the Add-on page itself, rather than going
> >>>>> through the hoops of Mailing List or IRC.
> >>>>>
> >>>>> ==========================
> >>>>>
> >>>>> I am not sure exactly how Mozilla privacy policy affects HTTPS
> >>>>> Everywhere. The Add-on code will be the same no? Or is it that the
> >>>>> developers and or ruleset contributors could be held liable for
> >>>>> submitting rules? I was thinking laws regarding, unauthorized use of
> >>>>> computer network or equipment? It is in the Criminal Code in Canada
> >>>>> which means Extradition to the US, per the Mutual legal assistance
> >>>>> treaty, which happens when both countries consider a crime to be a
> >>>>> crime, even if the minimum sentence is less in one country. Oh and
> the
> >>>>> Extradition process in Canada is just a Rubber Stamp process. I
> looked
> >>>>> up the Court Records, 99.9% of the accused were extradited (or
> >>>>> committed in legal speak). They don't evaluate the merit of the
> >>>>> evidence, basically it is Guilty until proven Innocent by a court of
> a
> >>>>> foreign jurisdiction, with a cruel and unusual punishment of being
> >>>>> deported to another country for the trial. Well if that isn't enough,
> >>>>> we have Internet Surveillance and warrantless wiretapping legislation
> >>>>> coming soon as part of our Conservative Government's Crime and
> >>>>> Punishment agenda. Hell, they did not even keep it a secret during
> the
> >>>>> May election, and they won a majority in the Parliament, see:
> >>>>>
> >>>>>
> https://secure.wikimedia.org/wikipedia/en/wiki/Canadian_federal_election,_2011#Internet_surveillance_and_warrant-less_wiretapping
> >>>>>
> >>>>> Damn! I should have used TOR when I submitted all those rulesets for
> >>>>> the last few months....
> >>>>> _______________________________________________
> >>>>> HTTPS-everywhere mailing list
> >>>>> HTTPS-everywhere at mail1.eff.org
> >>>>> https://mail1.eff.org/mailman/listinfo/https-everywhere
> >>>>
> >>>> --
> >>>> Peter Eckersley                            pde at eff.org
> >>>> Technology Projects Director      Tel  +1 415 436 9333 x131
> >>>> Electronic Frontier Foundation    Fax  +1 415 436 9993
> >>>> _______________________________________________
> >>>> HTTPS-everywhere mailing list
> >>>> HTTPS-everywhere at mail1.eff.org
> >>>> https://mail1.eff.org/mailman/listinfo/https-everywhere
> >>>>
> >>> _______________________________________________
> >>> HTTPS-everywhere mailing list
> >>> HTTPS-everywhere at mail1.eff.org
> >>> https://mail1.eff.org/mailman/listinfo/https-everywhere
> >>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20110813/5dab590d/attachment.html>

More information about the HTTPS-everywhere mailing list