[guardian-dev] "HTTPS Everywhere" for Android itself (not just the browsers)

Patrick Connolly patrick.c.connolly at gmail.com
Sat Jan 17 16:08:18 EST 2015

Ah neat! Https Everywhere as an app is a *really *interesting idea, Hans!

Do you think it'd be a heavier or lighter load on the device compared to a
straight-up Firefox Add-on?

Q: Why is this email [hopefully] five sentences or less? | A:

*NOTE* that my incoming emails are delayed from arriving in my inbox until
9am daily. If you need to reach me sooner, please use other means of
getting in touch. #slowwebmovement

On Sat, Jan 17, 2015 at 1:37 PM, Hans-Christoph Steiner <
hans at guardianproject.info> wrote:

> I've been playing around with techniques of catching location sharing on
> Android, and finding way to remove privacy leaks.  Android's IntentFilters
> power to match URLs makes this quite easy to do system-wide.
> That work got me thinking: maybe it makes sense to have something like
> Everywhere" as an Android app.  It could claim all HTTP links, then the app
> would check if it has an HTTPS rewriting rule.  If yes, it rewrites it and
> passes it on.  If no, it either passes it on, or blocks access with a popup
> (this could be a preference).
> As an example use case, there are lots of apps that share location, and
> basically all of them use a HTTP URL.  Some links, like
> http://maps.google.com
> or http://openstreetmap.org, can easily be rewritten to HTTPS links.
> Others
> like amap.com or map.baidu.com do not offer HTTPS.  A shared location
> link can
> often be a unique ID, so any network observer could use that to
> de-anonymize a
> device.
> You can find raw work here:
> https://github.com/eighthave/LocationPrivacy
> .hc
> --
> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
> _______________________________________________
> Guardian-dev mailing list
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/patrick.c.connolly%40gmail.com
> You are subscribed as: patrick.c.connolly at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150117/3f8684f1/attachment.html>

More information about the Guardian-dev mailing list