[HTTPS-Everywhere] Outdated FAQ answer: “Q. What's the meaning of the broken padlock icon at the bottom of the browser …”
Drake, Brian
brian at drakefamily.tk
Wed Jan 15 20:48:07 PST 2014
The last point I raised – mixed content blocking – deserves more attention.
The answer currently says, in part:
> although Chrome version 18+ has some built-in protections against insecure
> scripts in pages, and HTTPS Everywhere for Chrome will in fact trigger
> these on a site like the New York Times
>
By default, it won’t, because the NYTimes ruleset is:
1. disabled by default, using default_off; and
2. labelled mixedcontent.
1. default_off
If I enable it, then it does activate the mixed content blocker on …
http://www.nytimes.com/2014/01/16/world/americas/a-quandary-for-mexico-as-vigilantes-rise.html
… in spite of the redirect loop [1]. (disclaimer: tested on Firefox, as I
don’t have Chrome installed)
2. mixedcontent
If it’s labelled mixedcontent, then it can never trigger the mixed content
blocker, right? Also see another thread, where I ask about labelling
rulesets mixedcontent [2].
[1]
https://lists.eff.org/pipermail/https-everywhere-rules/2014-January/001834.html
[2]
https://lists.eff.org/pipermail/https-everywhere-rules/2014-January/001835.html
--
Brian Drake
All content created by me:
Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>©
2014 Brian Drake. All rights reserved.
On Mon, Jan 13, 2014 at 1003 (UTC), Drake, Brian <brian at drakefamily.tk>wrote:
> Regarding this HTTPS Everywhere FAQ section: “Q. What's the meaning of the
> broken padlock icon at the bottom of the browser, or the warning that a
> site contains "insecure information" or "unauthenticated content"?”
>
> Anyone who’s used Firefox recently should see straight away that there are
> some big problems with this answer, particularly the bold text at the end.
> The “blue tint” has been replaced by a simple padlock, the “green tint” has
> been replaced by green text on a white background, and mixed content
> blocking has been introduced, though not mentioned in this answer.
>
> --
> Brian Drake
>
> All content created by me: Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© 2014 Brian Drake. All rights reserved.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140116/6d29fc22/attachment.html>
More information about the HTTPS-Everywhere
mailing list