Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#7108 closed enhancement (fixed)

Reddit ruleset removed from HTTPS-Everywhere

Reported by: runa Owned by: pde
Priority: Very Low Milestone: HTTPS-E 3.2.3
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: httpse-ruleset-bug
Cc: runa, auto830455@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A recent commit removed the ruleset to make all connections to Reddit over HTTPS (using https://pay.reddit.com/). What's the reason behind this commit?

Child Tickets

Change History (8)

comment:1 Changed 8 years ago by pde

Cc: MB auto830455@… added

Hrm. The commit that removed it was back in late Feb, but it was never merged into the 2.x branch so you're just seeing it now that 3.x is stable.

There have been lots of commits to the Reddit ruleset(s) since then. It's currently possible to get full reddit encryption using 4.0development.1, enabling the "Reddit (certificate warnings)" ruleset, and accepting the Akamai cert you'd see at https://www.reddit.com.

You won't have that option in 3.0.1 because I deleted all the rulesets that are marked as mismatches/cert warnings, to save RAM and improve startup time. I'd be happy to add it back if you think a lot of people want it.

comment:2 Changed 8 years ago by pde

(Or we can re-add an off-by-default "pay.reddit.com" ruleset. Pull requests welcome :))

comment:3 Changed 8 years ago by runa

Why would pay.reddit.com be off-by-default? I'd say re-adding that is better than making users click through certificate warnings.

comment:4 in reply to:  3 Changed 8 years ago by pde

Replying to runa:

Why would pay.reddit.com be off-by-default?

This is why the pay.reddit.com rule is no longer on by default :)

Reddit's engineers complained to us about it too. I think there might have also been some weird corner cases where stuff didn't work properly.

comment:5 Changed 8 years ago by pde

Priority: normaltrivial

Triaging.

comment:6 Changed 7 years ago by MB

Cc: MB removed
Keywords: httpse-ruleset-bug added
Milestone: HTTPS-E 3.2.3
Resolution: fixed
Status: newclosed
Type: defectenhancement

This was addressed in 042525e8.

comment:7 Changed 7 years ago by cypherpunks

In the current version, blog.reddit.com redirects to https://pay.reddit.com, so you can't read their blog.

Note: See TracTickets for help on using tickets.