Opened 8 years ago

Last modified 15 months ago

#2161 accepted enhancement

Allow subscription to external rule feeds

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: adrelanos@…, reuben_p@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by mikeperry)

The ultimate direction we want to go is towards an adblock plus model, where people can subscribe to rule feeds that are relevant to them, maintained by third parties. This involves both altering our XML schema to include a 'rulefeed' envelope tag, and adding a bit of UI to add and manage subscription urls.

It also depends upon a few enhancements being completed first. These are in the child ticket list below:

Child Tickets

#1575enhancementclosedpdeWe need a hierarchical system for rules
#1656enhancementclosedpdeMore efficient ruleset checking
#2159enhancementclosedmikeperryImproved rule interface
#2160enhancementnewschoenDocument rule review process

Change History (7)

comment:1 Changed 8 years ago by mikeperry

Description: modified (diff)
Owner: changed from pde to mikeperry
Status: newaccepted

comment:2 Changed 8 years ago by mikeperry

Description: modified (diff)

comment:3 Changed 6 years ago by pde

This never got to be high on my priority list, because it seemed best to keep everyone's attention focused on keeping a single ruleset library as correct as possible, rather than letting them fragment into multiple libraries. But I'm starting to wonder whether we might want this simply to decrease the amount of time between a ruleset being fixed, and users receiving the fixes in their browsers. It still takes at least a month before 80% of users upgrade to a new stable release, and there's an additional lag of 2-4 weeks between stable releases, so it often takes months for users to receive trivial ruleset bugfixes.

There would be some tricky questions about doing auto-polled ruleset libraries though. Would we require that they be signed by the offline signing key, for instance?

comment:4 Changed 5 years ago by proper

Cc: adrelanos@… added

Recently there has been some interest and discussion in this feature on the tor-talk mailing list:
Using HTTPS Everywhere to redirect to .onion

comment:5 Changed 5 years ago by zyan

Priority: normalmajor

Bumping this in priority since there's been multiple requests for decoupling the update mechanisms for the extension and the ruleset. I am more strongly in favor of EFF shipping frequent ruleset updates (ex: every week) rather than allowing third parties to ship updates, since a malicious ruleset can totally pwn one's browser. My implementation proposal is here:

This would be a good GSoC project.

comment:6 Changed 5 years ago by reubot

Cc: reuben_p@… added

comment:7 Changed 15 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.