[HTTPS-Everywhere] Avira wants to contribute

Thorsten Sick thorsten.sick at avira.com
Thu Feb 26 02:12:19 PST 2015 

Hello Jacob

Thanks for the reply. I added all the bugs mentioned below to our bug
backlog. We already had the task to increase rule coverage, the list
will help a lot to put in the right priorities.

We also have some ideas what to improve in HTTPs everywhere. After
internal discussions we will open up bugs in your bugtracker for public
discussion. They are not ready yet :-)

About the Aviator:
We saw that already. I am really glad our plan for the browser should
cover those issues. Simplified it is:

- Spend lots of time on automatic merge, build, test (that's our main
task now)
- Send as much changes as possible upstream, reducing merge conflicts
(branding can not be sent upstream...)
- Implement as many features as possible in extensions
        - If extension API is missing: Add it to the browser and send it upstream
=> We should be able to release in sync with the chromium releases

The security benefit for the users we are aiming for depends on bundling
cool tools (our target audience does not even know extensions exist) and
especially using our existing in-house classification technology and
databases to map the dark alleys of the internet. There is also some
behavior-style detection in the pipeline.

<not promising anything yet :-) >

<Feedback welcome>

Cheers
Thorsten Sick

Am 25.02.2015 um 18:53 schrieb Jacob Hoffman-Andrews:
> Hi Thorsten! Thanks for writing, I appreciate the help.
>
> On 02/25/2015 01:19 AM, Thorsten Sick wrote:
>> We are planning to ship a (more) secure browser soonish. I see it as a
>> distribution.
> Great! I'm sure you know, but the most important part of shipping a more
> secure browser is making sure you have a good update mechanism and
> shipping security fixes in a very timely manner once they are fixed
> upstream. This has been a stumbling point in the past for similar
> projects like WhiteHat Aviator:
> https://plus.google.com/+JustinSchuh/posts/69qw9wZVH8z
>
>> - Developing of the Chromium part of HTTPS-everywhere
> This already exists, but could definitely use more work. In particular
> we have two high-priority bugs on the Chromium port that I haven't been
> able to get to:
>
> https://github.com/EFForg/https-everywhere/issues/741
> https://github.com/EFForg/https-everywhere/issues/760
>> - Modifying Chromium to fit the needs of HTTPs-everywhere (i've been
>> told there are issues....maybe someone has details)
> It's fairly good. There are some low-level APIs we are missing. This
> probably isn't the most useful area of contribution.
>> - Internationalisation
> This would be really great! We already have internationalization for the
> Firefox version, so if you add internationalization to the Chrome port
> you should try and use the same input files, since there are a lot of
> shared strings.
>> - Maybe some usability testing ?
> This would also be good.
>
> The other useful thing to help with: I recently incorporated automated
> ruleset testing into our process. You can read more about it at
> https://github.com/EFForg/https-everywhere/blob/master/ruleset-testing.md and
> https://github.com/EFForg/https-everywhere/blob/master/ruleset-style.md.
>
> As a result, I disabled a large number of rules:
>
> https://github.com/EFForg/https-everywhere/pull/1036
>
> In the comments on that pull request I listed some relatively
> high-ranked sites that I automatically disabled for failing the tests.
> If you have time to fix those rulesets so they pass the automated tests
> for both coverage and fetching, that would be great.
>> How do we best contribute ? How to best post Pull Requests and how is in
>> charge of merging them in ? Is this repo
>> https://github.com/EFForg/https-everywhere the one to fork and
>> contribute to ?
> Yes, that's the right repo. The easiest way to contribute is to send
> pull requests and I or someone else with access will merge them.
>>  What is the best communication channel ?
> This list is good.
>
>

--
Avira Operations GmbH & Co. KG
Kaplaneiweg 1 | 88069 Tettnang | Deutschland / Germany
Telefon / Telephone: +49 7542-500 0
Telefax / Facsimile: +49 7542-500 3000

Registergericht: Amtsgericht Ulm, HRA 722586 | USt.-IdNr.: DE 815289569 | Pers. haftende Gesellschafterin: Avira OP GmbH | Firmensitz: Tettnang | Registergericht: Amtsgericht Ulm, HRB 726712 | Geschäftsführer: Travis Witteveen

Commercial Register: Amtsgericht Ulm, HRA 722586 | VAT-ID: DE 815289569 | Personally Liable Partner: Avira OP GmbH | Headquarters: Tettnang | Commercial Register: Amtsgericht Ulm, HRB 726712 | Chief Executive Officer (CEO): Travis Witteveen

More information about the HTTPS-Everywhere mailing list