[tor-bugs] #9196 [EFF-HTTPS Everywhere]: Postpone Firefox mixed content blocking from FF 23 -> 24 (with user notice & control)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 16 00:37:37 UTC 2013
#9196: Postpone Firefox mixed content blocking from FF 23 -> 24 (with user notice
& control)
----------------------------------+-----------------------------------------
Reporter: pde | Owner: lisacyao
Type: defect | Status: new
Priority: blocker | Milestone: HTTPS-E 3.3
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by mikeperry):
The reality of the situation is that their implementation can't protect
against large categories of script and content leaks either, in particular
sites where the https script sources redirect to http (such scripts cannot
be blocked by the nsIContentPolicy-based Mixed Content Blocker).
I think we should aim for the stopgap solution that does the least damage
to sites without completely disabling the huge swaths of our ruleset
database (especially rules that only cause problems with the broken
nsIContentPolicy implementation), because either of those will also cause
users to lose protection, via less ruleset coverage, or via uninstalling
HTTPS-Everywhere
Given that our only choices seem to be "disable a ton more rules than we
should", "seriously degrade the user experience of HTTPS-Everywhere
users", and "disable mixed content until it can be done right", I think
the least invasive choice is the third one.
As for the uninstall issue, it is possible to write an uninstall observer
to reset the pref upon disable/uninstall using the addonListener service:
https://developer.mozilla.org/en-US/docs/Addons/Add-
on_Manager/AddonListener
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9196#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list