[HTTPS-Everywhere] Fwd: HTTPS Everywhere Breaks Google reCaptcha

Chris Palmer chris at eff.org
Wed May 4 09:43:23 PDT 2011



Begin forwarded message:

> From: Eva Galperin <eva at eff.org>
> Date: May 4, 2011 9:40:07 AM PDT
> To: Chris Palmer <chris at eff.org>
> Subject: Fwd: HTTPS Everywhere Breaks Google reCaptcha
> 
> 
> 
> -------- Original Message --------
> Subject: 	HTTPS Everywhere Breaks Google reCaptcha
> Date: 	Wed, 4 May 2011 10:26:06 -0400
> From: 	Raging Software <ragingsoftware at gmail.com>
> To: 	eva at eff.org
> 
> 
> 
> Hi,
> I'm a web developer. Like the fine folks at EFF, I'm extremely concerned
> with website security and the security of the visitors of the websites I
> develop. I have been using the HTTPS Everywhere Firefox extension for
> about 6 months or so, and I LOVE it!
> 
> But I noticed after a recent update of the extension that reCaptcha
> images stopped working. I confirmed that it is in fact the HTTPS
> Everywhere extension that caused reCaptcha images to stop displaying. So
> I tried to write some rulesets to force the images to show up, but could
> not get reCaptcha images to show up unless I disabled all rules for
> Google, Google APIs, and Google Services.
> 
> This is NOT good for me. I like having my Google searches being done
> over SSL. I can tolerate reCaptcha images being transferred over
> unencrypted communications, though. reCaptcha has proven to be an
> EXTREMELY valuable tool to reduce spam and cut down on SQL Injection
> Detection bots. Because I, and my clients, find reCaptcha so valuable,
> we use it on just about every single form we have. I think the only
> exception is "checkout" forms where financial transactions are taking
> place, because the merchant gateway handles the security in those instances.
> 
> Anyway, I've run out of options to try to resolve the issue myself,
> without completely disabling HTTPS Everywhere, and wanted to let you
> know so your development team can try to resolve the issue.
> 
> Thanks
> Eugene Johnson
> Owner, Raging Software
> http://www.ragingsoftware.com
> 

-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation
https://www.eff.org/code



