[HTTPS-Everywhere] Incompatibilities between HTTPS Everywhere for Chrome and Keep {My, More} Opt Outs
Peter Eckersley
pde at eff.org
Fri Nov 2 16:36:10 PDT 2012
(Sorry for CCing a bunch of googlers, hopefully one of you can route this to
real KMOO developer(s))
In Chrome, it seems that HTTPS Everywhere has an incompatibility with two
extensions, called Keep More Opt Outs and Keep My Opt Outs. These extensions
attempt to police and preserve "opt-out" cookies for a bunch of advertising
and tracking domains.
Unfortunately they seem to fight against HTTPS Everywhere's attempts to turn
on the "secure" flag in some of those cookies. I haven't looked closely at
the precise API hooks through which that's occurring, but it can be discussed
in this ticket:
https://trac.torproject.org/projects/tor/ticket/7099
(make an account to post there, or use the anonymous one which is
"cypherpunks" / "writecode")
In my experience, reproducing is faster and easier with Keep More Opt Outs;
just install the two extensions, browse around for a bit, and watch the
infinite loops start.
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-everywhere
mailing list