[HTTPS-Everywhere] Help needed: Disabling 3,080 rulesets
Jacob Hoffman-Andrews
jsha at eff.org
Wed Feb 11 14:38:22 PST 2015
On 02/11/2015 02:18 PM, Mike Perry wrote:
> So in the meantime, is it your plan to remove all of the currently
> tagged platform="mixedcontent" rules caused by Bug 878890?
No, not unless the hosts listed in those rules have a bad certificate or
some other sort of connection error.
At some point I may want to adopt Micah's tests or something similar, to
do another round of auto-detecting mixed content blocking. In that case
I would try to use the output to automatically set the
platform="mixedcontent" tag.
> Our thinking here was that with enough coverage from HTTPS-Everywhere,
> the "Medium" setting on our Security Slider can disable *all*
> non-HTTPS Javascript, including any HTTPS or non-HTTPS javascript
> sourced from a non-HTTPS url bar. So in this setting, we block a
> superset of the Javascript that mixed content blocking blocks, and in
> fact should load no unauthenticated JS at all.
This makes sense. I do worry that with MCB in mainstream Firefox for so
long, all the rules with platform="mixedcontent" get very little user
testing. So a large number of them may be broken.
More information about the HTTPS-Everywhere
mailing list