[tor-bugs] #10174 [EFF-HTTPS Everywhere]: Ruleset bloat -> memory usage, startup time. Replace by HTTPSF

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 18 08:19:46 UTC 2013 

#10174: Ruleset bloat -> memory usage,  startup time. Replace by HTTPSF
--------------------------------------+-----------------
     Reporter:  Faziri                |      Owner:  pde
         Type:  enhancement           |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+-----------------

Comment (by Faziri):

 It's not just about the RAM usage (though lower is always better), but
 mostly about the performance impact of parsing so many rules and
 storing/reading them in memory. Installing Easylist in Adblock Plus is a
 comparable action (though Easylist isn't even half the size) and even that
 creates massive lag.

 Shortening the filter list would definitely help. Just a very small list
 of filters for only the most common domains practically anyone is sure to
 visit from time to time would be great.

 1) I'd say maybe a week or so. Keep a map of domains-dates that acts as a
 whitelist and delete entries older than a week.
 2) Overwrite a user's rules by default, the developers of HTTPSE and the
 list managers can be expected to know better when it comes to writing the
 most useful/correct filters. The list should be kept small enough that an
 update of the built-in filters can be displayed to the user so that (s)he
 can opt out of overwriting certain rules ("Select which rules you'd like
 to overwrite with the latest update: [list with checkboxes]").
 3) Why does it keep a list of all sites you've visited? All it should keep
 is the whitelist of domains that (temporarily) don't need to be checked
 for HTTPS and the .xml user rules it creates. Acquiring either list can
 reveal part of your browsing history, but I find that something odd to be
 concerned about. Also, you could record someone's entire browsing history
 anyway by just monitoring the outgoing/incoming traffic destinations. If
 you're close enough to get a hold of those lists in the add-on, you're
 more than close enough to eavesdrop on the destination IPs.

 Adding the large filter list to the browser's list probably won't help too
 much performance-wise: it still has the same problem of being huge and 99%
 irrelevant to the individual user.


 Not meaning to shoot you down or anything, just pointing out what I think
 of it. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10174#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list