[HTTPS-Everywhere] Chromium now blocking non-store extensions

[Peter Eckersley]

This is catastrophic, and does indeed make HTTPS Everywhere prohibitively
difficult to install in Chrome version 21.  

There are at least two serious problems we have with the Chrome Web Store.
One applies to switching to using it for all of our users, and the other applies to
using it at all.

Firstly, to date we have not offered HTTPS Everywhere through the Chrome Web
Store (or addons.mozilla.org, for that matter) because to the best of our
understanding those services would retain logs for long periods of time about the IP
address history of our users.  Unless and until those services offer privacy
policies that are comparable to EFF's (https://www.eff.org/policy), we would
be extremely unhappy to default our users to installing through them.

Secondly, if we offer HTTPS Everywhere through the Chrome Web Store, it will
have to be signed by a different key than the current version.  That means
that users will be able to install two versions of HTTPS Everywhere at the
same time, which is a Very Bad Thing.  The only way to prevent this would be
to give a copy of our offline signing private key to Google, which we are
obviously disinclined to do.

Googlers, can we set up a call to discuss this?  We understand some of the
reasons that you might have moved Chrome in this direction, but I hope you'll
understand the problems that we'll have if this change makes it into the
stable channel.

On Sun, Jun 10, 2012 at 02:27:59PM -0700, Seth David Schoen wrote:
>
> https://code.google.com/p/chromium/issues/detail?id=128748
> 

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993