[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "User.Actions" Template



"Anthony DiPierro" <or@xxxxxxxxx> wrote:

> On 5/21/06, Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> wrote:
> > Anothony Georgeo <anogeorgeo@xxxxxxxxx> wrote:
> >
> > > I think it is wise to note that Privoxy can not filter
> > > HTTPS.  Most non-tech end-users do not know this.  I
> > > do not block HTTPS connections as I think it is
> > > easiser to simply not visit an HTTPS url.
> >
> > How do you convince your browser not to fetch
> > additional images and style sheet through HTTPS?
> >
> > Not actively visiting untrusted HTTPS sites doesn't
> > stop anyone from spicing up his pages with HTTPS
> > content to get more information about his visitors.
> >
> I thought a browser was supposed to warn you of this "mixed content"
> situation (an http site with https images, for instance), but checking
> Firefox apparently it doesn't!

Firefox is only concerned about security, not privacy.

You get the "mixed content" warning if you are visiting a
ssl encrypted site and click on a submit button which leads
to an unencrypted page.
 
> Anyway, it seems like the only proper solution here is to not use
> privoxy at all, this way https and http both present exactly the same
> header information.  But this of course means taking all the
> identifying information out of your browser - easier said than done.

Blocking all https sites with a few exceptions is no big deal.
I probably use less than twenty https sites, mostly online shops.
It's not as if I'm spending the whole day adding exceptions.

As these sites already have my full name, address and credit card
or bank account information, additionally telling them that I use
Firefox on FreeBSD is the least of my worries.

Fabian
-- 
http://www.fabiankeil.de/

Attachment: signature.asc
Description: PGP signature