[tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 18 19:13:02 UTC 2013
#9769: Move HTTPS Everywhere back to addons.mozilla.org
----------------------------------+--------------------------
Reporter: micahlee | Owner: micahlee
Type: project | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+--------------------------
We currently have millions of Firefox users. Here's a list of the most
popular Firefox addons: https://addons.mozilla.org/en-
US/firefox/extensions/?sort=users
It's hard to tell exactly how many because we keep such minimal logs, but
my guess is around 3 million. If this is true, we'll probably hit #3. I
think moving HTTPS Everywhere back to AMO will increase our visibility and
potentially get us a lot more users.
Additionally, I heard feedback that some users in Syria have been trained
to never install Firefox addons from anywhere but
https://addons.mozilla.org/, so they were weary of installing HTTPS
Everywhere from https://www.eff.org/.
The reasons that HTTPS Everywhere isn't currently hosted on AMO are:
* We had issues with Mozilla's data retention policy. I have heard that
Mozilla has since updated their policies. Here is the current policy that
governs AMO: https://www.mozilla.org/en-US/privacy/policies/websites/ -- I
should read it and go over it with an EFF lawyer to make sure we're ok
with it now.
* Mozilla has an approval process for posting updates to extensions that
sometimes takes a long time. Since most of our major bugs that require
time-sensitive fixes are for rulesets, I think we should not ship rulesets
with our extension and instead implement a ruleset-updating feature, kind
of like Adblock Plus lists. (I should open a ticket for this)
* We currently sign our releases using a key stored on an airgapped
signing machine. If we switch to AMO, I believe Mozilla will be
responsible for signing our releases (though I should do more research
into this). In any case, if we start releasing rulesets separately from
extension updates we should continue to use the airgapped signing machine
to sign our ruleset updates.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9769>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list