[tor-bugs] #10033 [EFF-HTTPS Everywhere]: Make it easy for users to add a hostname to the ruleset in Firefox

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 23 19:56:48 UTC 2015 

#10033: Make it easy for users to add a hostname to the ruleset in Firefox
--------------------------------------+---------------------------
     Reporter:  realityexists         |      Owner:  pde
         Type:  enhancement           |     Status:  new
     Priority:  major                 |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:  HTTPS-E 3.2.2
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+---------------------------

Comment (by cypherpunks):

 The following is from the NoScript FAQ (https://noscript.net/faq#qa6_3):

 Q:   Can NoScript force some sites to always use HTTPS?

 A:   Yes, just open NoScript Options|Advanced|HTTPS|Behavior, entering the
 sites you want to force in the topmost box, and those you want to always
 leave alone in the bottom one.

 You can use space-separated simple strings, which will be matched as
 "starts with...", glob patterns like *.noscript.net and full-fledged
 regular expressions.

 If, for instance, you want HTTPS to be forced on every Google application
 excluding Search and iGoogle, you can put *.google.com in the "Force" box
 and www.google.com/search www.google.com/ig in the "Never" box.

 The latter can be of course rewritten as a
 ^https?://www\.google\.com/(?:search|ig)\b.* regular expression.

 To force HTTPS over a website's base domain and all its subdomains, type
 .example.com in the "Force" box. This forces HTTPS for example.com,
 subdomains.example.com, and multiple.nested.subdomains.example.com.

 Since NoScript is installed by default in the Tor Browser Bundle, this
 seems like a useful method for most users.

 HTTPS Finder requires installing a separate (possibly untrusted) add-on,
 but I use it and it works well (I'm not the user who originally
 recommended it, however). It contains options to automatically force HTTPS
 if a site supports it, and options to automatically secure cookies. There
 are possible privacy implications, though, since it autodetects HTTPS
 support by trying to make a secure connection for every visited website.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10033#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list