[HTTPS-Everywhere] Forcing encrypted.google.com
Dylan Grose
dylan at dylangrose.org
Mon Mar 26 13:15:09 PDT 2012
Hello,
When connected to encrypted.google.com, Google's interface links all
lead to the www.google.com HTTPS variant, which makes it possible to
break out of encrypted.google.com by clicking on one of these links
(thus losing the enhanced privacy it provides). Also, the Googlesharing
extension doesn't appear to proxy traffic sent to https://www.google.com
(not really sure about why that is).
I'm guessing one could make an alteration to the provided ruleset for
Google's base site. Or maybe a separate ruleset would be good to have,
so that one could disable/enable whichever one is preferred.
Running HTTPS Everywhere 2.0.1.
More information about the HTTPS-everywhere
mailing list