[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4375 [EFF-HTTPS Everywhere]: Use https://www.google.com instead of https://encrypted.google.com
#4375: Use https://www.google.com instead of https://encrypted.google.com
-------------------------------------+--------------------------------------
Reporter: emk | Owner: pde
Type: defect | Status: closed
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: wontfix | Keywords:
Parent: | Points:
Actualpoints: |
-------------------------------------+--------------------------------------
Changes (by pde):
* status: new => closed
* resolution: => wontfix
Comment:
https://www.google.com has worse security properties than
https://encrypted.google.com, as discussed
[https://www.eff.org/deeplinks/2011/10/google-encrypts-more-searches here]
and [https://mail1.eff.org/pipermail/https-
everywhere/2011-October/001209.html here]. The functionality gap between
the two sites is small.
Unless the www.google.com domain becomes as secure as
encrypted.google.com, HTTPS Everywhere will not send searches there.
We would however consider a patch with an alternative, off-by-default
ruleset that let the user search on www. instead. I believe that is
possible with the current codebase, but might require an undocumented
dependence on the name of the alternative ruleset and the order in which
inodes in the ruleset directory are scanned in the HTTPSRules constructor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4375#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs