Move HTTPS Everywhere back to addons.mozilla.org
We currently have millions of Firefox users. Here's a list of the most popular Firefox addons: https://addons.mozilla.org/en-US/firefox/extensions/?sort=users
It's hard to tell exactly how many because we keep such minimal logs, but my guess is around 3 million. If this is true, we'll probably hit #3 (closed). I think moving HTTPS Everywhere back to AMO will increase our visibility and potentially get us a lot more users.
Additionally, I heard feedback that some users in Syria have been trained to never install Firefox addons from anywhere but https://addons.mozilla.org/, so they were weary of installing HTTPS Everywhere from https://www.eff.org/.
The reasons that HTTPS Everywhere isn't currently hosted on AMO are:
-
We had issues with Mozilla's data retention policy. I have heard that Mozilla has since updated their policies. Here is the current policy that governs AMO: https://www.mozilla.org/en-US/privacy/policies/websites/ -- I should read it and go over it with an EFF lawyer to make sure we're ok with it now.
-
Mozilla has an approval process for posting updates to extensions that sometimes takes a long time. Since most of our major bugs that require time-sensitive fixes are for rulesets, I think we should not ship rulesets with our extension and instead implement a ruleset-updating feature, kind of like Adblock Plus lists. (I should open a ticket for this)
-
We currently sign our releases using a key stored on an airgapped signing machine. If we switch to AMO, I believe Mozilla will be responsible for signing our releases (though I should do more research into this). In any case, if we start releasing rulesets separately from extension updates we should continue to use the airgapped signing machine to sign our ruleset updates.