[HTTPS-Everywhere] Broken / bad rule feedback mechanism

Mon Jan 13 20:46:48 PST 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey guys, these are great questions too. Yes, I secretly implemented
an automated bug reporter for HTTPS Everywhere (Firefox) that submits
a bug report with user-selected info (OS, domain, URL, other addons
installed, comments) whenever you disable a ruleset. You can
optionally select to only submit over Tor for extra anonymization, SSL
Observatory-style.

It's not merged into master yet [1], but you can test it out at:
https://github.com/diracdeltas/https-everywhere/tree/autoreport

Would love UI feedback.

[1] The blocker is Peter or Seth (I forget whom) setting up an EFF
simple server to receive these rule reports. Right now, it just posts
to one of my personal servers. DANGER: I am not EFF; thus I do not
have a privacy policy like EFF's. All information you submit in these
bug reports will be publicly visible.

- -Yan

On 01/13/2014 12:26 PM, Claudio Moretti wrote:
> There might be a potential concern here: if an user is browsing a 
> restricted page, with some information in the URL, we might have a 
> little too much information disclosure... On the other hand,
> stripping down the URL to the domain would probably be useless,
> because if the rule is tested (and it is) before being pushed, it
> would work in 99% of the cases.
> 
> Also, it might be a temporary downtime, and we'll be flooded with 
> complaints about something that, in reality, it's working...
> 
> There's some discussion that might be done on this and I, for one,
> have no clue whatsoever on how this might be handled.
> 
> If somebody has an idea, it'll be great :)
> 
> (is it me or my email is pretty useless?)
> 
> Cheers,
> 
> Claudio
> 
> 
> On Mon, Jan 13, 2014 at 8:16 PM, John Stinson
> <johnkstinson at gmail.com <mailto:johnkstinson at gmail.com>> wrote:
> 
> Hey,
> 
> I think this is independent of other discussions going on right
> now so I created a new thread (sorry for moar email).
> 
> Has there ever been discussion of having a mechanism for users to 
> report a bad transition (as a result of a bad rule) directly from 
> the plugin? For instance, someone is redirected to an unexpected 
> page, clicks on the https-everywhere icon, and is able to click on
> a "report a bad rule" button, that could send "us" data about the
> url, so we could act on correcting it?
> 
> I'm not sure if the issue of bad rules is serious enough to
> warrant such an option, and I can also foresee some privacy
> implications with this, but just thought I'd mention the concept.
> 
> -- - John K. Stinson
> 
> _______________________________________________ HTTPS-Everywhere
> mailing list HTTPS-Everywhere at lists.eff.org
> <mailto:HTTPS-Everywhere at lists.eff.org> 
> https://lists.eff.org/mailman/listinfo/https-everywhere
> 
> 
> 
> 
> _______________________________________________ HTTPS-Everywhere
> mailing list HTTPS-Everywhere at lists.eff.org 
> https://lists.eff.org/mailman/listinfo/https-everywhere
> 

- -- 
Yan Zhu                           yan at eff.org
Technologist                      Tel  +1 415 436 9333 x134
Electronic Frontier Foundation    Fax  +1 415 436 9993
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJS1ME2AAoJENC7YDZD/dnsmB4H/jw4v/TAI9jtEawv5CeBb1qP
KsFa90Iuhuy/Y5iFwat13DSiw7Q4VZDytIekcHzYDYKVUAd/XDncVWp30E7lpbhr
vkJmdDBJ5aHzxZB2wP5iTI12fBq7B4AoDboYgy3uyx0fFpmN2xHbUhz/LHTYhg53
KPyYm+Fu787Ylmu6wBqiAztfN+NshCHgxHicsUBMm+tFiFuji/CV+ZkGzEMLYz2e
xHapbaoMDZcX8v6OOwjt7uIX1z9AnLFKycFO5payMh/npmKmqfNz3rm8XK5D3IUe
PgYGJ4EYVMWL6j1AIQf0fMph9NV/Eth+Cggdyfbjgs7ycytolSg7WQQ031dWUIU=
=dgyT
-----END PGP SIGNATURE-----