I don't think it would make a big difference efficiency-wise whether it was implemented in the app or the browser. But making it an app can help with situations where only using it in a browser cannot, like when sharing URLs generated by proprietary apps (e.g. Google Maps uses an HTTP URL for sharing location). The app wouldn't be so good for re-writing all the URLs contained in a webpage, e.g analytics sites, javascript sources, etc. The browser-based solution is the right place for that.
.hc Patrick Connolly: > Ah neat! Https Everywhere as an app is a *really *interesting idea, Hans! > https://github.com/osmandapp/Osmand/pull/1037 > Do you think it'd be a heavier or lighter load on the device compared to a > straight-up Firefox Add-on? > > > -------------------------------------------- > Q: Why is this email [hopefully] five sentences or less? | A: > http://five.sentenc.es > > *NOTE* that my incoming emails are delayed from arriving in my inbox until > 9am daily. If you need to reach me sooner, please use other means of > getting in touch. #slowwebmovement > <http://www.musubimail.com/gmail_timer.html> > > On Sat, Jan 17, 2015 at 1:37 PM, Hans-Christoph Steiner < > [email protected]> wrote: > >> >> I've been playing around with techniques of catching location sharing on >> Android, and finding way to remove privacy leaks. Android's IntentFilters >> power to match URLs makes this quite easy to do system-wide. >> >> That work got me thinking: maybe it makes sense to have something like >> "HTTPS >> Everywhere" as an Android app. It could claim all HTTP links, then the app >> would check if it has an HTTPS rewriting rule. If yes, it rewrites it and >> passes it on. If no, it either passes it on, or blocks access with a popup >> (this could be a preference). >> >> As an example use case, there are lots of apps that share location, and >> basically all of them use a HTTP URL. Some links, like >> http://maps.google.com >> or http://openstreetmap.org, can easily be rewritten to HTTPS links. >> Others >> like amap.com or map.baidu.com do not offer HTTPS. A shared location >> link can >> often be a unique ID, so any network observer could use that to >> de-anonymize a >> device. >> >> You can find raw work here: >> https://github.com/eighthave/LocationPrivacy >> >> .hc >> >> -- >> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 >> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81 >> _______________________________________________ >> Guardian-dev mailing list >> >> Post: [email protected] >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >> >> To Unsubscribe >> Send email to: [email protected] >> Or visit: >> https://lists.mayfirst.org/mailman/options/guardian-dev/patrick.c.connolly%40gmail.com >> >> You are subscribed as: [email protected] >> > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81 _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
