[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] reddit.com wants EFF to disable HTTPS???

To: https-everywhere-rules@xxxxxxx, https-everywhere@xxxxxxx, tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] reddit.com wants EFF to disable HTTPS???
From: Victor Garin <vic.garin@xxxxxxxxx>
Date: Sat, 6 Aug 2011 23:20:47 -0700
Cc: neil@xxxxxxxxxx, osamak@xxxxxxx, pde@xxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 07 Aug 2011 02:21:09 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=kPKdwX9k8A72BfQzkiajnqjjjx9bXDh/IYN2iR84aoo=; b=WkiLvtka0BN53jrJ3dYiFLkeBghoTkmBKnhwDigXobqL2kl2TNiOJGXAlawu9KTli/ gOCKQRW/32RBC/8cJjCXRuBHOkUtfeyk1H47Fndp+b/XmCTul5pzN3/KvQrbdU7B/hmK tmMhTe7OU3KBltAPw1z2FoVPQQxPr21QB6h10=
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

**** Please copy replies to https-everywhere-rules@xxxxxxx,
https-everywhere@xxxxxxx, tor-talk@xxxxxxxxxxxxxxxxxxxx ****

Neil, can you please post to the Rules Mailing List next time, i.e.
https-everywhere-rules@xxxxxxxxxxx almost missed this because it was
not copied to the Rules Set's mailing list which I frequent...

pay.reddit.com works fine for me....

www.reddit.com == pay.reddit.com same content in HTTPS.

Can you also point out where exactly (which URL) there is a bug when
the current ruleset is used?

I don't see it. Which URLs so we can exclude them specifically.

This is what the extension does. It redirected for example:
en.wikipedia.org to secure.wikimedia.org

The reasons for using HTTPS are many including to prevent snooping on
the TOR Network.

Am I misreading something, or Peter are you planning to disable Reddit
just because someone says so?

This is a slippery slope...Next thing you know all websites will want out...

Removing/Disabling the whole site (when it is working) goes against
all the principles that EFF stands for. Unless it doesn't work it
should not be removed.

On Sat Aug 6 15:18:45 PDT 2011, Peter Eckersley wrote:

Hi Neil,

Thanks for the bug report!  We'll push an update shortly to disable the Reddit
ruleset for the time being.  Let us know when Reddit has HTTPS for real.

(As an aside, a contributor submitted a more radical proposed ruleset for
Reddit.com to our git master repository.  We have not shipped it and
won't do so unless you ask us to:

https://gitweb.torproject.org/https-everywhere.git/blob/72056be0dcf2d74e23fac9feff798e1bb841b670:/src/chrome/content/rules/Reddit.xml
)

On Fri, Aug 05, 2011 at 12:31:22PM -0700, Neil Williams wrote:
> Hi there,
>
> We noticed that you added reddit to the HTTPS Everywhere extension
> using pay.reddit.com. This is causing a lot of issues for users
> because our certificates aren't set up for general purpose use (Akamai
> issues etc.). We don't support HTTPS at the moment for anywhere on the
> site except the self-serve advertising purchase pages. I love your
> extension and we will be upgrading reddit to fully support HTTPS, but
> that's not the case right now :( Is there anything you can do to stop
> them from using pay.reddit.com from your extension?
>
> Thanks,
> Neil
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] reddit.com wants EFF to disable HTTPS???
  - From: Gregory Maxwell

Prev by Author: Re: [tor-talk] virtual private servers for Tor?
Next by Author: Re: [tor-talk] reddit.com wants EFF to disable HTTPS???
Previous by thread: Re: [tor-talk] Hijacking Advertising to give a Tor Exit node economic sustainability?
Next by thread: Re: [tor-talk] reddit.com wants EFF to disable HTTPS???
Index(es):
- Author
- Thread