[HTTPS-Everywhere] Demo: HTTPS Switch Planner
Jacob Hoffman-Andrews
jsha at newview.org
Mon Dec 30 10:37:33 PST 2013
For a web developer considering a switch to HTTPS, the biggest obstacle
is often Mixed Content, especially from resources external to your site
(ads, CDN, analytics, etc). Before spending any money and time on a
certificate, you'd like to know what your dependencies are and whether
it's even possible to move them to HTTPS.
The idea, in this demo, is that a web developer would
(1) Install HTTPS Everywhere and enable Switch Planner mode
(2) Navigate to all the corners of their existing HTTP web site
(example.com)
(3) Click the HTTPS Everywhere icon to get a list of all the
third-party domains used by example.com and not rewritable by HTTPS
Everywhere.
If the list is empty: You're good to go! You can deploy a certificate
today, get added to HTTPS Everywhere, and users with the plugin will
start getting a secure experience right away. You can then begin the
slow process of rewriting all the references in your site's source code,
so non-plugin users can be secure too.
If the list is non-empty: Go through it in priority order and see if (a)
the third-party domain is actually available under HTTPS, but not yet
added to HTTPS Everywhere, (b) you can convince the third-party operator
to implement HTTPS, or (c) you can remove or replace the resource.
This is also a useful tool for savvy users to see what would block their
favorite sites from switching, and try to get some of the dependencies
fixed.
Patches (Chrome-only) attached, and also at
https://github.com/jsha/https-everywhere/compare/switchplanner
Ready-built .crx file to try out:
https://jacob.hoffman-andrews.com/hacks/https-everywhere-jsha-switch-planner-demo-v1.crx
(and .asc for sig). Try it on any HTTP site, e.g
http://www.theguardian.com or http://www.washingtonpost.com/. For most
accurate results turn off any ad blockers first.
What do you all think? Is this a feature you'd like to see land in
master? If so I'll work on a cleaner and more usable patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Add-details-page.patch
Type: text/x-patch
Size: 8034 bytes
Desc: not available
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20131230/17a4264b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-First-working-version-of-switch-planner.patch
Type: text/x-patch
Size: 10649 bytes
Desc: not available
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20131230/17a4264b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20131230/17a4264b/attachment.sig>
More information about the HTTPS-Everywhere
mailing list