[HTTPS-Everywhere] Incompatibilities between HTTPS Everywhere for Chrome and Keep {My, More} Opt Outs

Matt Perry mpcomplete at google.com
Fri Nov 2 16:59:01 PDT 2012 

BTW, I think the ticket you meant to link is
https://trac.torproject.org/projects/tor/ticket/6613


On Fri, Nov 2, 2012 at 4:56 PM, Mike West <mkwst at google.com> wrote:

> -BCC other googlers.
>
> Keep My Opt-Outs is me. Keep More Opt-Outs is a fork, as is "Protect My
> Choices" and probably others. :)
>
> KMOO watches for changes to cookies and overwrites them if they diverge
> from the opt-out text specified in the registry. If the name and domain
> match, it should simply leave them alone:
> http://code.google.com/p/chrome-opt-out-extension/source/browse/trunk/chrome/KMOO.Cookie.js#97
>
> Is HTTPSEverywhere modifying the cookies in ways other than setting the
> secure flag?
>
> --
> Mike West <mkwst at google.com>, Developer Advocate
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
>
>
> On Sat, Nov 3, 2012 at 12:36 AM, Peter Eckersley <pde at eff.org> wrote:
>
>> (Sorry for CCing a bunch of googlers, hopefully one of you can route this
>> to
>> real KMOO developer(s))
>>
>> In Chrome, it seems that HTTPS Everywhere has an incompatibility with two
>> extensions, called Keep More Opt Outs and Keep My Opt Outs.  These
>> extensions
>> attempt to police and preserve "opt-out" cookies for a bunch of
>> advertising
>> and tracking domains.
>>
>> Unfortunately they seem to fight against HTTPS Everywhere's attempts to
>> turn
>> on the "secure" flag in some of those cookies.  I haven't looked closely
>> at
>> the precise API hooks through which that's occurring, but it can be
>> discussed
>> in this ticket:
>>
>> https://trac.torproject.org/projects/tor/ticket/7099
>> (make an account to post there, or use the anonymous one which is
>> "cypherpunks" / "writecode")
>>
>> In my experience, reproducing is faster and easier with Keep More Opt
>> Outs;
>> just install the two extensions, browse around for a bit, and watch the
>> infinite loops start.
>>
>> --
>> Peter Eckersley                            pde at eff.org
>> Technology Projects Director      Tel  +1 415 436 9333 x131
>> Electronic Frontier Foundation    Fax  +1 415 436 9993
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20121102/94049816/attachment.html>

More information about the HTTPS-everywhere mailing list