[HTTPS-Everywhere] Overriding warning about insecure form submission
Drake, Brian
brian2 at drakefamily.tk
Sat Jun 25 02:44:00 PDT 2011
The warning isn’t just misleading; it’s incorrect. It says that an
unencrypted connection is to be used, when no unencrypted connection is ever
used (unless HTTPS Everywhere detects a redirect loop).
Disabling the warning is not misleading. The error you refer to is
confusing, but it would be confusing with or without the warning. The
warning and the error are two separate issues.
On Fri, Jun 3, 2011 at 0516 (UTC-8), Colonel Graff <
graffatcolmingov at gmail.com> wrote:
> On Thu, Jun 2, 2011 at 1336 (UTC-8), Seth David Schoen <schoen at eff.org>wrote:
>
>> A small number of sites have hardcoded form submission targets to
>> use HTTP URLs, which generates a warning that
>>
>> Although this page is encrypted, the information you have entered is
>> to be sent over an unencrypted connection and could easily be read by
>> a third party.
>>
>> https://www.abebooks.com/
>>
>> (enter an author and click "Find Book").
>>
>
> I know you cannot test this, but that error appears when booksellers try to
>
> upload their inventory and it actually DOES prevent the upload from
> occurring. After disabling the ruleset, I never had the chance to go back
> and test it on my client's computer to find out why. Disabling the warning
> might mislead any other booksellers who may be using HTTPS Everywhere
> and selling on Abebooks since they may not understand why the upload will
> not be processed. I realize that it is likely that very few people who
> currently
> use HTTPS Everywhere experience this behavior which is why I'm the only
> person bringing the issue up, but if the number of people using it grows to
>
> include enough people, it will likely become a major factor in their
> decision
> to either use or not use HTTPS Everywhere.
>
> _______________________________________________
> HTTPS-everywhere mailing list
> [snip]
>
--
Brian Drake
Alternate (slightly less secure) e-mail: brian at drakefamily.tk
Alternate (old) e-mail: brianriab at gmail.com
Facebook profile: Profile ID
100001669405117<https://ssl.facebook.com/profile.php?id=100001669405117>
Twitter username: BrianJDrake <https://twitter.com/BrianJDrake>
Wikimedia project username:
Brianjd<https://secure.wikimedia.org/wikipedia/meta/wiki/User:Brianjd>(been
inactive for a while)
All content created by me
Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>©
2010–2011 Brian Drake. All rights reserved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20110625/210748aa/attachment.html>
More information about the HTTPS-everywhere
mailing list