[HTTPS-Everywhere] Avira's plan to integrate HTTPs-Everywhere into the browser

Thorsten Sick thorsten.sick at avira.com
Tue Jun 9 04:21:15 PDT 2015 

Hello

Sorry for keeping you waiting, there have been several interrupts.
Building a browser is harder than it sounds. But at least we now have a
better defined plan for https-everywhere.

We at the Anti-Virus company Avira want to release a "Secure Browser".
To achieve that we will take the Chromium browser and extend it. Many
security features will be implemented by hard-wiring extensions in. We
are not yet at the Beta phase, but already have 3 extensions, including
Https-Everywhere. This number will grow.

Many of our users do not know about extensions and their benefits.
Having the best-of-security-extensions pre-selected is a large benefit.

For our users the Https-Everywhere extension will contribute to the
high-level security features "Secure Wifi" and "Secure banking". These
high-level features are better understandable than
"End-To-End-Encryption"....so we simplified the message.

Our plan is to contribute some features either to Https-Everywhere or to
a separate Extension (if you don't like it). I just documented them in
the Github issue tracker. They are open for comments:

https://github.com/EFForg/https-everywhere/issues/1885 (http-nowhere for
banks)

https://github.com/EFForg/https-everywhere/issues/1886 (anti
crypto-downgrade)

https://github.com/EFForg/https-everywhere/issues/1887 (certificate check)

https://github.com/EFForg/https-everywhere/issues/1888 (Error reporting
to server)
----------- 8< --------
Also:

When the number of the extensions grows, the area next to the URL will
get crowded. We want to produce a central extension (called "CIC" by us
tech guys: http://en.battlestarwiki.org/wiki/CIC) that aggregates the
status/statistics of the installed extensions in a simple way and offers
limited configuration for the extensions. Most decissions will be
handled by the auto-pilot (zero user interaction, if possible). Then we
can hide the extensions in the URL bar and it is tidy again.

So mid-term we will have to add cross-extension messaging between
https-everywhere and the CIC, allowing some remote control and
statistics-requests. See:
https://developer.chrome.com/extensions/messaging#external

I hope hat is ok for you ?

We would appreciate your feedback and hope to contribute some valuable
lines of code soon.

Cheers
Thorsten Sick

--
Avira Operations GmbH & Co. KG
Kaplaneiweg 1 | 88069 Tettnang | Deutschland / Germany
Telefon / Telephone: +49 7542-500 0
Telefax / Facsimile: +49 7542-500 3000

Registergericht: Amtsgericht Ulm, HRA 722586 | USt.-IdNr.: DE 815289569 | Pers. haftende Gesellschafterin: Avira OP GmbH | Firmensitz: Tettnang | Registergericht: Amtsgericht Ulm, HRB 726712 | Geschäftsführer: Travis Witteveen

Commercial Register: Amtsgericht Ulm, HRA 722586 | VAT-ID: DE 815289569 | Personally Liable Partner: Avira OP GmbH | Headquarters: Tettnang | Commercial Register: Amtsgericht Ulm, HRB 726712 | Chief Executive Officer (CEO): Travis Witteveen

More information about the HTTPS-Everywhere mailing list