[HTTPS-Everywhere] ideas for improvements to development and use of the ruleset

Numismatika numismatika-everywhere at eclipso.ch
Fri Mar 7 23:49:16 PST 2014


On 05.03.2014 09:13, Paul Wise wrote:
> On Tue, 2014-03-04 at 22:39 -0800, Yan Zhu wrote:
>
>> We've gotten this suggestion a couple times before. Seth Schoen tells me
>> that the HTTPS Finder rules are often buggy or incomplete, so it's
>> better if humans look at them first and submit them to us (rather than
>> have HTTPS Finder automatically submit everything that it finds).
> Yeah, that is why I suggest only submitting domains rather than rules.
> When you get new domains submitted by users you can pro-actively check
> the ruleset, test the domains from multiple network points and update
> the ruleset.
Why submit domains?
A merged https-finder function is more what I would see as an incentive
to write rules yourself and send in the rule that results from it.
I think to create better rules it should scrape the whole page, not only
the top page that I entered in the address bar, and try to rewrite all
links and objects embedded on the page to https.
It also should not stop on content that serves invalid certificates but
instead mark them as "only valid for 'akamaihd.net'", "self signed", "not
trusted root (cacert)".
It is then up to the user to decide what to do with that info and if he
wants to submit the rule or not.
Therefore improve the output level of that feature a bit and merge that.
Finding websites that allow https without some kind of automated helper
function is slower than a simple popup when browsing on the net daily.
Regards
Numismatika
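
A sketch of the reporting described in this message, as an added example that is not part of the original post and is not code from HTTPS Everywhere or HTTPS Finder: it collects the hosts of every plain-http link and embedded object on a page and labels certificate problems instead of stopping on them. The function names, the label strings and the use of Python's ssl module are assumptions made for illustration.

```python
import socket
import ssl
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# OpenSSL verify codes mapped to labels like those suggested in the message.
CERT_LABELS = {
    10: "expired",
    18: "self signed",
    19: "not trusted root",  # self-signed root in chain, not in trust store
    20: "not trusted root",  # issuer not found in the local trust store
    62: "only valid for another name",
}

class _Refs(HTMLParser):
    """Collect every href/src value, not just the top-level page URL."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        self.refs += [v for k, v in attrs if k in ("href", "src") and v]

def http_hosts(page_url, html):
    """Return the sorted hosts of all plain-http links and embedded objects."""
    parser = _Refs()
    parser.feed(html)
    parts = (urlsplit(urljoin(page_url, r)) for r in parser.refs)
    return sorted({p.hostname for p in parts if p.scheme == "http" and p.hostname})

def label_for(verify_code):
    return CERT_LABELS.get(verify_code, "other validation failure (%d)" % verify_code)

def probe(host, timeout=5):
    """Try a verified TLS handshake; report the problem instead of stopping."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "valid"
    except ssl.SSLCertVerificationError as err:
        return label_for(err.verify_code)
    except OSError as err:  # refused, timeout, DNS failure, other TLS error
        return "no https (%s)" % err.__class__.__name__

def report(page_url, html, prober=probe):
    """Map each http host referenced by the page to its HTTPS status."""
    return {h: prober(h) for h in http_hosts(page_url, html)}
```

The resulting host-to-status map is what a user would review before deciding whether to write and submit a rule.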



