[HTTPS-Everywhere] HTTPS Everywhere vs Preloaded HSTS list
Dave Warren
davew at hireahit.com
Mon Mar 16 23:37:34 PDT 2015
From observation rather than an actual analysis, it seems like HTTPS
Everywhere has a non-trivial performance impact on day to day browser
usage, at least in Chrome. Probably less significant that AdBlock and
family, but switching to uBlock gave a significant performance
improvement and it got me wondering about HTTPS Everywhere's place as
browsers start to step up.
I'm curious if anyone has ever looked at HTTPS Everywhere's database and
considered dropping sites that are in preloaded HSTS lists? -- I'm
assuming that part of the performance impact is linked to the number of
rules, and under this theory, it seems like reducing the number of rules
without reducing security would be a net win.
However, I'm not sure if enough sites are in the preloaded HSTS list to
matter. I'm also not even clear if every submission to the preload list
makes it, or whether it's only for selected high profile sites, in which
case HTTPS Everywhere will still be useful indefinitely.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
More information about the HTTPS-Everywhere
mailing list