[HTTPS-Everywhere] Incompatibilities between HTTPS Everywhere for Chrome and Keep {My, More} Opt Outs
Mike West
mkwst at google.com
Fri Nov 2 16:56:47 PDT 2012
-BCC other googlers.
Keep My Opt-Outs is me. Keep More Opt-Outs is a fork, as is "Protect My
Choices" and probably others. :)
KMOO watches for changes to cookies and overwrites them if they diverge
from the opt-out text specified in the registry. If the name and domain
match, it should simply leave them alone:
http://code.google.com/p/chrome-opt-out-extension/source/browse/trunk/chrome/KMOO.Cookie.js#97
Is HTTPSEverywhere modifying the cookies in ways other than setting the
secure flag?
--
Mike West <mkwst at google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
On Sat, Nov 3, 2012 at 12:36 AM, Peter Eckersley <pde at eff.org> wrote:
> (Sorry for CCing a bunch of googlers, hopefully one of you can route this
> to
> real KMOO developer(s))
>
> In Chrome, it seems that HTTPS Everywhere has an incompatibility with two
> extensions, called Keep More Opt Outs and Keep My Opt Outs. These
> extensions
> attempt to police and preserve "opt-out" cookies for a bunch of advertising
> and tracking domains.
>
> Unfortunately they seem to fight against HTTPS Everywhere's attempts to
> turn
> on the "secure" flag in some of those cookies. I haven't looked closely at
> the precise API hooks through which that's occurring, but it can be
> discussed
> in this ticket:
>
> https://trac.torproject.org/projects/tor/ticket/7099
> (make an account to post there, or use the anonymous one which is
> "cypherpunks" / "writecode")
>
> In my experience, reproducing is faster and easier with Keep More Opt Outs;
> just install the two extensions, browse around for a bit, and watch the
> infinite loops start.
>
> --
> Peter Eckersley pde at eff.org
> Technology Projects Director Tel +1 415 436 9333 x131
> Electronic Frontier Foundation Fax +1 415 436 9993
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20121103/9de8bb1b/attachment.html>
More information about the HTTPS-everywhere
mailing list