[HTTPS-Everywhere] Firefox 14 and Google

Peter Eckersley pde at eff.org
Fri Jul 20 13:42:19 PDT 2012 

There are actually already a lot of HTTPS->HTTPS rules in the library, to work
around various bugs and cert warnings on sites:  

grep 'from="^https' src/chrome/content/rules/*.xml | wc -l
794

There are also some instances of HTTPS->HTTP rules, to work around cases where
rewiting parts of a site to HTTPS cause it to send back links to other parts
of the site that are HTTPS but broken.  These rule elements are all marked
with the downgrade="1" attribute, and won't work if they aren't.

grep 'downgrade="1"' src/chrome/content/rules/*.xml | wc -l
23

On Wed, Jul 18, 2012 at 06:06:54PM +0200, Maxim Nazarenko wrote:
> Hello,
> 
> The  "force encrypted.google.com" ruleset seems like logical place for
> https://www.google.com -> https://encrypted.google.com redirection.
> However, https->https redirection in the HTTPS-Everywhere plugin
> doesn't sit well with me. I'll have a look at Firefox search plugin
> format.
> 
> Best regards,
> Maxim Nazarenko
> 
> On 18 July 2012 17:38, Peter Eckersley <pde at eff.org> wrote:
> > (Context: https://www.eff.org/https-everywhere/faq#google )
> >
> > Redirecting searches from https://www.google.com/ to
> > https://encrypted.google.com (either in the main ruleset or in an
> > off-by-default "force encrypted.google.com" ruleset) is possible, it would
> > just need to be done carefully because presumably there are a lot of non-web
> > search things on www.google.com that can't be obtained from
> > encrypted.google.com.
> >
> > I'd be more inclined to accept a pull request for this in an off-by-default
> > ruleset, than in the main one.
> >
> > On Wed, Jul 18, 2012 at 11:55:07AM +0200, Maxim Nazarenko wrote:
> >> Hello,
> >>
> >> Firefox 14 now uses httpS://www.google.com by default (in fact, I
> >> wasn't able to load httP://www.google.com at all). Naturally,
> >> httpS:\\www.google.com is not redirected by HTTPS Everywhere, while
> >> httP:\\www.google.com gets redirected to httpS://encrypted.google.com.
> >> Quick search bar, therefore, uses httpS://www.google.com. Is it
> >> technically feasible to redirect it to httpS://encrypted.google.com ?
> >> Or may be modifying the search provider is a better option?
> >>
> >> Best regards,
> >> Maxim Nazarenko
> >>
> >> _______________________________________________
> >> HTTPS-everywhere mailing list
> >> HTTPS-everywhere at mail1.eff.org
> >> https://mail1.eff.org/mailman/listinfo/https-everywhere
> >
> > --
> > Peter Eckersley                            pde at eff.org
> > Technology Projects Director      Tel  +1 415 436 9333 x131
> > Electronic Frontier Foundation    Fax  +1 415 436 9993

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the HTTPS-everywhere mailing list