Hacker News new | comments | show | ask | jobs | submit login
Tools from EFF’s Tech Team (eff.org)
122 points by dsr12 121 days ago | hide | past | web | 13 comments | favorite

I'm wondering if HTTPS Everywhere and Privacy Badger are on schedule for transition to the Web Extensions API for Firefox? Or will they stop working on version 57?

Https Everywhere https://www.eff.org/files/https-everywhere-test/index.html

Privacybadger's release edition already is.

I have a feeling of dread about Firefox version 57.

One thing that wasn't clear to me at first was that the point of Web Extensions is ensure that extensions play nice with multiprocessing rather than just to give compatibility with Chrome extensions; viewed in that light, I find it a little less surprising and much more palatable that they're planning to disable legacy extension functionality in a few versions.

But old extensions can support e10s?

Has anyone else noticed HTTPS Everywhere slowing their Firefox to a crawl? One day I got tired of FF being so slow and started disabling addons one by one, and page loads got ~6 seconds faster when I disabledd HTTPS Everywhere. Yes, it was that slow.

I haven't measured it, so this is somewhat subjective but yes, I could see a noticeable (although very small - nowhere near ~6 seconds) speed-up after disabling HTTPS Everywhere. In addition it was the most memory hungry of my addons (although I don't use much, just it, NoScript, uBlock Origin, Canvas Blocker, and VideoDownloadHelper), taking about ~12 Mb, as reported by Firefox.

Also a significant number of sites broke for me, and disabling the rule for that site would fix the issue. I think it's showing its age, and besides it's becoming less useful in an increasingly https centric Web. Am hoping the rewrite/refactoring necessary for migration to WebExtensions can help improve its performance too.

Are you using the 32-bit version of Firefox? It's the default version that is shown unless you specifically choose the 64-bit version.

No, I'm on Ubuntu, so it was in the repos (i.e. it was the proper architecture).

I've heard Smart https is more resources efficient than https everywhere.

If Google nudged sites towards HSTS then https everywhere wouldn't be needed anymore, correct?

Seems like Google has done a pretty decent job of 'pushing' most sites towards secure sockets.

This, along with a lot more companies being hacked, blackmailed, extorted, etc - costing them real money - seems to have solved the problem for 99% of sites.

Unless it's a personal blog or something, I won't even use a site not using encryption.

Is HttpsEverywhere even needed anymore, or just used out of habit?

if you mean HSTS preloading then yes

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact