[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3971 [EFF-HTTPS Everywhere]: HTTPS-Everywhere does not encrypt all traffic from web site
#3971: HTTPS-Everywhere does not encrypt all traffic from web site
----------------------------------+-----------------------------------------
Reporter: joyton | Owner: pde
Type: defect | Status: new
Priority: minor | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by joyton):
Good day pde,
It didn't dawn on me to break the ad requests like that, I'll give it a
try. After I wrote the AdBlock Plus rules I found ABP does not really
block the connection with the ad, it merely blocks the loading of the ad
by Firefox. The way the ABP main dev explained it to me, is that ABP is a
'cosmetic' add-on, not a security add-on, per se. ABP is meant to block
loading of annoying ads by Firefox, not block connection to said annoying
ad by Firefox. I can probably find the thread where he and I discussed
this topic some months ago, if you're interested.
So it seems like ABP is a no-go with respect to this ticket. That is, even
with ABP filters in place HTTP (to ads host) is not blocked, the ads are
merely not shown by Firefox, even though they are really still there. At
least that is my understanding after contacting the ABP main dev. I could
be ignorant though ... if so, please enlighten me.
I'm not sure if it's even possible, but I think it would be useful to have
some type of setting in HTTPS-Everywhere akin to "block any traffic that
is not HTTPS for sites with rulesets". Such a global action would probably
make HTTPS-Everywhere more secure, but may also break some sites by
blocking connection to off-site hosted ads and images and such. Maybe a
more fine grained approach would be better, that is, site-by-site setting,
but there are so many sites in HTTPS-Everywhere a site-by-site setting may
be a non-starter.
These are just my (slightly) incoherent ramblings, those of someone who is
not a computer whiz. Thus, please correct me where you see fit. Thanks.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3971#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs