<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 9, 2015 at 7:03 PM, Arthur D. Edelstein <span dir="ltr"><<a href="mailto:arthuredelstein@gmail.com" target="_blank">arthuredelstein@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Sherief,<br>
<span class=""><br>
>>>> Karsten insisted that I have to run a local copy of <a href="http://torproject.org" rel="noreferrer" target="_blank">torproject.org</a><br>
>>>> <<a href="http://torproject.org" rel="noreferrer" target="_blank">http://torproject.org</a>> using a web server while the automated script<br>
>>>> runs since we can't estimate or depend on the connection speed. The<br>
>>>> major blocker in this is that the browser redirects to<br>
>>>> <a href="https://torproject.org/" rel="noreferrer" target="_blank">https://torproject.org/</a> whenever I try to map 127.0.0.1 to<br>
>>>> <a href="http://torproject.org" rel="noreferrer" target="_blank">torproject.org</a> <<a href="http://torproject.org" rel="noreferrer" target="_blank">http://torproject.org</a>> (or <a href="http://www.torproject.org" rel="noreferrer" target="_blank">www.torproject.org</a><br>
>>>> <<a href="http://www.torproject.org" rel="noreferrer" target="_blank">http://www.torproject.org</a>>) in my /etc/hosts file.<br>
<br>
</span>So you're trying to get http, but you get https, correct? Sounds like<br>
it might be the HSTS Preload list. See<br>
<a href="https://blog.mozilla.org/security/2012/11/01/preloading-hsts/" rel="noreferrer" target="_blank">https://blog.mozilla.org/security/2012/11/01/preloading-hsts/</a><br>
<a href="http://torproject.org" rel="noreferrer" target="_blank">torproject.org</a> is among the domains on Firefox's preload list:<br>
<a href="https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSTSPreloadList.inc" rel="noreferrer" target="_blank">https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSTSPreloadList.inc</a><br>
<br>
I think you can turn off HSTS Preloading by creating an integer pref<br>
named "test.currentTimeOffsetSeconds", and setting it to 11491200.<br>
(Under about:config, right-click and choose "New > Integer".)<br>
<span class="HOEnZb"><font color="#888888"><br>
Arthur<br>
</font></span></blockquote></div><br>Hi Arthur,</div><div class="gmail_extra"><br></div><div class="gmail_extra">I've tested the pref and unfortunately it doesn't work. I still get the https version of <a href="http://torproject.org">torproject.org</a>.<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><span style="font-family:arial;font-size:small">Sherief Alaa</span><br><div dir="ltr" style="font-family:arial;font-size:small"><div>pgp 0x8623B882</div></div></div></div>
</div></div>