[HTTPS-Everywhere] Chromes built in HTTPS site list
Seth David Schoen
schoen at eff.org
Sun Feb 26 20:47:15 PST 2012
Mike Cardwell writes:
> Are you aware that Chrome now contains a built in list of sites which
> should always use HTTPS?
>
> https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc?content-type=text%2Fplain
Yes, I remember talking to agl about it when it was introduced.
> There aren't that many in there at the moment, but anyone with an HTTPS
> site (no matter how small) can get their domain added to the list... If
> it picks up, it might be a good source for new HTTPS-Everywhere rulesets.
Good point. In fact, checking this against our existing rules already
just caught an important one: googlemail.com.
I'll make a script to monitor this list and generate HTTPS Everywhere
rules from it.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list