[HTTPS-Everywhere] Chromium now blocking non-store extensions
Aaron Boodman
aa at chromium.org
Tue Jun 12 10:50:50 PDT 2012
Hi Peter,
I'm happy to have a call about this. I'd like to make sure you
understand, however, that it is still possible to install off-store
extensions; it's just harder for less-knowledgeable users to do (or to
be tricked into doing). The minimum steps are now:
1) Right-click crx file, download.
2) wrench > tools > extensions
3) Drag crx file from download shelf onto management UI
We had also intended to do a blog post explaining this change on the
Chromium blog.
- a
On Tue, Jun 12, 2012 at 10:11 AM, Peter Eckersley <pde at eff.org> wrote:
> This is catastrophic, and does indeed make HTTPS Everywhere prohibitively
> difficult to install in Chrome version 21.
>
> There are at least two serious problems we have with the Chrome Web Store.
> One applies to switching to using it for all of our users, and the other applies to
> using it at all.
>
> Firstly, to date we have not offered HTTPS Everywhere through the Chrome Web
> Store (or addons.mozilla.org, for that matter) because to the best of our
> understanding those services would retain logs for long periods of time about the IP
> address history of our users. Unless and until those services offer privacy
> policies that are comparable to EFF's (https://www.eff.org/policy), we would
> be extremely unhappy to default our users to installing through them.
>
> Secondly, if we offer HTTPS Everywhere through the Chrome Web Store, it will
> have to be signed by a different key than the current version. That means
> that users will be able to install two versions of HTTPS Everywhere at the
> same time, which is a Very Bad Thing. The only way to prevent this would be
> to give a copy of our offline signing private key to Google, which we are
> obviously disinclined to do.
>
> Googlers, can we set up a call to discuss this? We understand some of the
> reasons that you might have moved Chrome in this direction, but I hope you'll
> understand the problems that we'll have if this change makes it into the
> stable channel.
>
> On Sun, Jun 10, 2012 at 02:27:59PM -0700, Seth David Schoen wrote:
>>
>> https://code.google.com/p/chromium/issues/detail?id=128748
>>
>
> --
> Peter Eckersley pde at eff.org
> Technology Projects Director Tel +1 415 436 9333 x131
> Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-everywhere
mailing list