[tor-bugs] #10174 [EFF-HTTPS Everywhere]: Ruleset bloat -> memory usage, startup time. Replace by HTTPSF

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 17 20:46:15 UTC 2013 

#10174: Ruleset bloat -> memory usage,  startup time. Replace by HTTPSF
--------------------------------------+-----------------
     Reporter:  Faziri                |      Owner:  pde
         Type:  enhancement           |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+-----------------

Comment (by zyan):

 Ugh, this is a problem. You are not the first to complain about the memory
 issue.

 I guess the way to combine us with HTTPS Finder would be to mark some set
 of the existing stable rules as important enough to be included in every
 HTTPS Everywhere download. Then when a user encounters a new host that
 isn't in the ruleset, HTTPS Finder checks if it can force HTTPS, generates
 a new rule, and adds it to the ruleset.

 This brings up some questions:
 * If HTTPS Finder finds that a domain doesn't support HTTPS, does it test
 it again in the future? If not, for how long does it remember test
 results?
 * What happens when a new rule gets added to the stable HTTPS Everywhere
 ruleset, and someone already has another version of that rule that was
 generated with HTTPS Finder? Do we overwrite their version when they
 upgrade?
 * One of the features of HTTPS Everywhere currently is that it doesn't
 leak information about someone's browsing history by default. This is not
 true of HTTPS Finder. There you have the choice of either keeping a
 persistent file with a list of every HTTPS site that you've visited or
 deleting this file periodically and recreating all of your custom rules
 from scratch.

 BTW, there's potentially easier ways to decrease memory usage that will
 work for near future. I'm testing putting as many HTTPS Everywhere rules
 as possible into the browsers' HSTS list and seeing if that cuts down
 dramatically on memory usage.

 Regarding AMO, we haven't put ourselves in the catalog in the past because
 EFF's privacy policy is more protective than Mozilla's.

 -Yan

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10174#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list