Opened 5 years ago

Closed 5 years ago

#15529 closed defect (fixed)

Redirects to spammy sites from shortlinks

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: HTTPS Everywhere/HTTPS Everywhere: Chrome Version:
Severity: Keywords:
Cc: stacy.konkiel@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I've been noticing that in Chrome 41.0.2272.101 (64-bit) with HTTPSEverywhere enabled, shortlinks from have been redirecting to spammy sites. For example,

redirects to

I've run a malware detection program on my machine and it's coming up empty. Is there _any way_ that the HTTPSEverywhere Chrome extension could either be a) causing that or b) the problem is actually that the shortlink resolver has been hacked and HTTPSEverywhere is actually _preventing_ these spammy sites from siphoning data from my machine?

I'm stumped.


Child Tickets

Change History (4)

comment:1 Changed 5 years ago by arma

Component: - Select a componentHTTPS Everywhere: Chrome

comment:2 Changed 5 years ago by cypherpunks

I can confirm what you're seeing. links are rewritten to links by HTTPS Everywhere internally, maintaining the relative part of the URI. This causes the faulty redirect to spammy URLs.

You can see this is what's happening by replacing the '' with '' manually when browsing while HTTPS Everywhere is disabled. You'll end up on the same spammy sites.

comment:3 Changed 5 years ago by cypherpunks

Thanks, very glad to know that my machine hasn't been compromised!

comment:4 Changed 5 years ago by jsha

Resolution: fixed
Status: newclosed

Yes, this was a bug in the vanity domains rule. That rule is disabled in the latest version (5.0.1) so the issue should be fixed. This also showed an interesting bug where Chrome and Firefox interpreted the rulesets differently:

Note: See TracTickets for help on using tickets.