[tor-bugs] #3971 [EFF-HTTPS Everywhere]: HTTPS-Everywhere does not encrypt all traffic from web site

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Sep 11 00:53:45 UTC 2011 

#3971: HTTPS-Everywhere does not encrypt all traffic from web site
----------------------------------+-----------------------------------------
 Reporter:  joyton                |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  minor                 |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------

Comment(by joyton):

 pde,

 While logging into a Yahoo! Mail account today
 (https://login.yahoo.com/config/login?), with a fresh Tor Browser
 (v2.2.32-4) and !AdBlock Plus*, I again got the same HTTP warning from Tor
 Browser (Firefox-Aurora).

 I'm not computer whiz, but to me if HTTP is used on a web page/site with
 HTTPS-Everywhere rulesets then something is not kosher. Especially because
 use of !AdBlock Plus does not fix the problem, and the problem is on major
 sites like Yahoo! Mail.

 Are you still of the mind this isn't a problem HTTPS-Everywhere should be
 concerned with? That is, this isn't under HTTPS-Everywhere's 'domain'? If
 not, do you think this ticket (bug) deserves a higher priority then minor?
 I wonder type of data is on HTTP, ex., passing through my exit node while
 I'm trying to log into Yahoo! Mail via HTTPS ...

 So far I have found three sites that use HTTP when HTTPS-Everywhere
 rulesets are in place. And I didn't go looking for such sites, ''all three
 sites are very popular (the site for which I wrote rulesets ranks in the
 top 10 web forums in the world, in terms of members and traffic):''

  1. Yahoo! Mail [ https://login.yahoo.com/config/login? ]
  1. !AdBlock Plus [ !https://adblockplus.org/en/ ]
  1. Web site for which I wrote rulesets

 * I use the following !AdBlock Plus custom filters and filter
 subscriptions:

 !EasyPrivacy+!EasyList[[BR]]Antisocial[[BR]]Malware Domains[[BR]]Custom
 filters:[[BR]]|| google-analytics.com!^$third-party[[BR]] filters for the
 site for which I wrote HTTPS-Everywhere rules.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3971#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list