Damian Johnson commited on 2013-04-28 23:50:53
Zeige 1 geänderte Dateien mit 119 Einfügungen und 0 Löschungen.
Adding Peter's project ideas for this year's GSoC and OPW.
... | ... |
@@ -1343,6 +1343,125 @@ meetings around the world.</li> |
1343 | 1343 |
</p> |
1344 | 1344 |
</li> |
1345 | 1345 |
|
1346 |
+ <a id="reportingBuggyRulesets"></a> |
|
1347 |
+ <li> |
|
1348 |
+ <b>Automated Reporting of Buggy Rulesets</b> |
|
1349 |
+ <br> |
|
1350 |
+ Effort Level: <i>Medium</i> |
|
1351 |
+ <br> |
|
1352 |
+ Skill Level: <i>Medium</i> |
|
1353 |
+ <br> |
|
1354 |
+ Likely Mentors: <i>Peter Eckersley (pde), Seth Schoen</i> |
|
1355 |
+ <p> |
|
1356 |
+When users manually disable an HTTPS Everywhere ruleset via the toolbar menu, |
|
1357 |
+that's a strong hint that that ruleset might be buggy. If we could obtain |
|
1358 |
+statistics about which rulesets are manually disabled by the users of which |
|
1359 |
+HTTPS E versions, we could get a statistical picture of which rulesets need |
|
1360 |
+the most urgent debugging and/or disablement. This would enormously improve |
|
1361 |
+the quality of the HTTPS Everywhere user experience. |
|
1362 |
+ </p> |
|
1363 |
+ |
|
1364 |
+ <p> |
|
1365 |
+HTTPS Everywhere already includes a pipeline for anonymised user submissions |
|
1366 |
+(via Tor where available) that is used for the Decentralized SSL Observatory. |
|
1367 |
+We should do a popup that asks the users to submit anonymous reports of |
|
1368 |
+disabled rules, when they manually disable one for the first time. |
|
1369 |
+ </p> |
|
1370 |
+ |
|
1371 |
+ <p> |
|
1372 |
+Perhaps this feature could optionally let users submit the URL of the page |
|
1373 |
+they were looking at when the bug occurred, although we would need to take |
|
1374 |
+care in handling those, and perhaps implement some countermeasures against |
|
1375 |
+sending passwords or auth tokens when URLs contain those. |
|
1376 |
+ </p> |
|
1377 |
+ </li> |
|
1378 |
+ |
|
1379 |
+ <a id="httpsEverywhereForFirefoxModile"></a> |
|
1380 |
+ <li> |
|
1381 |
+ <b>Port HTTPS Everywhere to Firefox Mobile</b> |
|
1382 |
+ <br> |
|
1383 |
+ Effort Level: <i>Medium</i> |
|
1384 |
+ <br> |
|
1385 |
+ Skill Level: <i>Medium</i> |
|
1386 |
+ <br> |
|
1387 |
+ Likely Mentors: <i>Peter Eckersley (pde), Seth Schoen</i> |
|
1388 |
+ <p> |
|
1389 |
+In the past a Firefox Mobile port of HTTPS Everywhere was made impractically |
|
1390 |
+complicated by the Electrolysis threading architecture used in that variant of |
|
1391 |
+Firefox (<a href="https://trac.torproject.org/projects/tor/ticket/2471">ticket</a>). However with |
|
1392 |
+the implementation of the simple NSIHTTPChannel.redirectTo() API in Firefox |
|
1393 |
+20+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=765934">ticket</a>) we are probably very |
|
1394 |
+close to having a trivial port of HTTPS Everywhere to Firefox on Android. |
|
1395 |
+ </p> |
|
1396 |
+ |
|
1397 |
+ <p> |
|
1398 |
+This would make a great GSOC project for someone who'd like to learn some |
|
1399 |
+introductory skills with hacking on the internals of real web browsers! |
|
1400 |
+ </p> |
|
1401 |
+ </li> |
|
1402 |
+ |
|
1403 |
+ <a id="httpsEverywhereMixedContentHandling"></a> |
|
1404 |
+ <li> |
|
1405 |
+ <b>HTTPS Everywhere mixed content detection and handling</b> |
|
1406 |
+ <br> |
|
1407 |
+ Effort Level: <i>Medium</i> |
|
1408 |
+ <br> |
|
1409 |
+ Skill Level: <i>Medium</i> |
|
1410 |
+ <br> |
|
1411 |
+ Likely Mentors: <i>Peter Eckersley (pde), Seth Schoen</i> |
|
1412 |
+ <p> |
|
1413 |
+Since version 20, Chrome has automatically blocked the loading of insecure |
|
1414 |
+HTTP scripts and CSS in HTTPS pages. Firefox version 23 will do the same. |
|
1415 |
+This is good security practice, but it causes havoc with many sites where |
|
1416 |
+HTTPS Everywhere can secure some, but not all, of the site's content. |
|
1417 |
+ </p> |
|
1418 |
+ |
|
1419 |
+ <p> |
|
1420 |
+Before Firefox 23 launches, we will need a more coherent plan for detecting |
|
1421 |
+sites where we are causing these mixed content situations, and either |
|
1422 |
+disabling or working around the limitation. Failure to do so will mean that |
|
1423 |
+HTTPS Everywhere user experience worsens dramatically when Firefox 23 is |
|
1424 |
+released. Success will mean a dramatic improvement in user experience with |
|
1425 |
+HTTPS Everywhere for Chrome. |
|
1426 |
+ </p> |
|
1427 |
+ |
|
1428 |
+ <b>Critical-path tickets:</b> |
|
1429 |
+ |
|
1430 |
+ <ul> |
|
1431 |
+ <li><a href="https://trac.torproject.org/projects/tor/ticket/6975">6975</a></li> |
|
1432 |
+ <li><a href="https://trac.torproject.org/projects/tor/ticket/8664">8664</a></li> |
|
1433 |
+ <li><a href="https://trac.torproject.org/projects/tor/ticket/8776">8776</a></li> |
|
1434 |
+ </ul> |
|
1435 |
+ |
|
1436 |
+ <b>Related tickets:</b> |
|
1437 |
+ |
|
1438 |
+ <ul> |
|
1439 |
+ <li><a href="https://trac.torproject.org/projects/tor/ticket/3777">3777</a></li> |
|
1440 |
+ <li><a href="https://trac.torproject.org/projects/tor/ticket/6977">6977</a></li> |
|
1441 |
+ </ul> |
|
1442 |
+ </li> |
|
1443 |
+ |
|
1444 |
+ <a id="httpsEverywhereRulesetTesting"></a> |
|
1445 |
+ <li> |
|
1446 |
+ <b>Incorporate Ruleset Testing into the HTTPS Everywhere release process</b> |
|
1447 |
+ <br> |
|
1448 |
+ Effort Level: <i>Medium</i> |
|
1449 |
+ <br> |
|
1450 |
+ Skill Level: <i>Medium</i> |
|
1451 |
+ <br> |
|
1452 |
+ Likely Mentors: <i>Peter Eckersley (pde), Seth Schoen</i> |
|
1453 |
+ <p> |
|
1454 |
+Ondrej Mikle has implemented a codebase for testing HTTPS Everywhere rulesets |
|
1455 |
+by crawling pages that are affected by the ruleset (<a href="https://github.com/hiviah/https-everywhere-checker">repository</a>). |
|
1456 |
+ </p> |
|
1457 |
+ |
|
1458 |
+ <p> |
|
1459 |
+This codebase still has some rough edges that need to be smoothed over, but |
|
1460 |
+once those are done it should be incorporated into the HTTPS Everywhere build |
|
1461 |
+process, in order to improve the quality of our releases. |
|
1462 |
+ </p> |
|
1463 |
+ </li> |
|
1464 |
+ |
|
1346 | 1465 |
<li> |
1347 | 1466 |
<b>Bring up new ideas!</b> |
1348 | 1467 |
<br> |
1349 | 1468 |