Feature Request: Blocking HTTP content when using HTTPS

Everything about using Adblock Plus on Mozilla Firefox, Thunderbird and SeaMonkey

Post by Stasis » Wed Dec 14, 2011 5:23 am

Many SSL-secured websites are only partially encrypted because they connect to standard HTTP websites as well, but I do not see an option in Firefox to deny insecurely delivered content. We can block HTTP completely in Adblock Plus, but this breaks all regular sites. Could you implement a method to restrict filters to HTTPS sites only?
Stasis
 

Re: Feature Request: Blocking HTTP content when using HTTPS

Post by Hubird » Wed Dec 14, 2011 6:19 am

On ISO hunt I use

|http://isohunt.com/

to do just that.

But you could also try something like:

|http://$domain=example.com|foo.com|bar.com
Hubird
 
Posts: 2844
Joined: Thu Oct 26, 2006 2:59 pm
Location: Australia
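
Added example, not part of Hubird's post and not Adblock Plus code: a simplified JavaScript model of how the second filter above is evaluated, covering only the `|` start anchor and the `domain=` option. The page and request URLs are constructed samples, and `parseFilter`, `hostMatches`, `blocks` and `decide` are hypothetical helper names.

```javascript
// Simplified model of an Adblock Plus blocking filter such as
//   |http://$domain=example.com|foo.com|bar.com
// Only the "|" start anchor and the "domain=" option are modelled.
function parseFilter(text) {
  const [pattern, optionText = ""] = text.split("$");
  if (!pattern.startsWith("|") || pattern.startsWith("||")) {
    throw new Error("only start-anchored patterns are modelled");
  }
  const domains = [];
  for (const option of optionText.split(",")) {
    if (option.startsWith("domain=")) {
      domains.push(...option.slice("domain=".length).toLowerCase().split("|"));
    }
  }
  return { prefix: pattern.slice(1).toLowerCase(), domains };
}

// A listed domain also covers its subdomains.
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// True when the request would be blocked while viewing the given page.
function blocks(filter, pageUrl, requestUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const listed = filter.domains.length === 0 ||
    filter.domains.some((d) => hostMatches(pageHost, d));
  return listed && requestUrl.toLowerCase().startsWith(filter.prefix);
}

const filter = parseFilter("|http://$domain=example.com|foo.com|bar.com");

// Constructed sample loads: [page, subresource request].
const loads = [
  ["https://www.example.com/", "https://www.example.com/app.js"],
  ["https://www.example.com/", "http://ads.example.net/banner.js"],
  ["https://unlisted.example.org/", "http://ads.example.net/banner.js"],
  ["http://foo.com/", "http://foo.com/style.css"],
];

function decide() {
  return loads.map(([page, req]) => blocks(filter, page, req));
}

for (const [i, blocked] of decide().entries()) {
  console.log(blocked ? "BLOCK" : "allow", loads[i][1], "on", loads[i][0]);
}
```

The third load is allowed because the page's domain is not in the list, and the fourth is blocked because the filter keys on the page's domain rather than on the scheme the page was loaded with.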

Re: Feature Request: Blocking HTTP content when using HTTPS

Post by lewisje » Wed Dec 14, 2011 1:41 pm

If I remember correctly, blocking mixed content is a massive usability issue, which is why Firefox and Safari don't do it, while in various ways Opera, IE, and Chrome actually do it by default but also offer at least a dialog for changing that behavior; still one of the first things I do with a new installation of a computer is change the IE security settings to "Enable" mixed content rather than "Prompt" on it, because that modal dialog, which appears only once per browsing session, is annoying.
lewisje
 
Posts: 1406
Joined: Mon Jun 14, 2010 12:07 pm

Re: Feature Request: Blocking HTTP content when using HTTPS

Post by Stasis » Thu Dec 15, 2011 10:36 am

@Hubird

I am asking for the ability to restrict filters based on protocol precisely because the method you propose is so unwieldy, and requires prior knowledge of a website. Using a tool like HTTPS-Finder, I can enforce direct SSL connections to websites I have not yet been to, but I cannot block all HTTP content for these sites with Adblock Plus without breaking all HTTP sites...

@lewisje

Random facts and your personal opinion have nothing to do with the question I posed...
Stasis
 

Re: Feature Request: Blocking HTTP content when using HTTPS

Post by Wladimir Palant » Thu Dec 15, 2011 12:20 pm

lewisje is right - blocking mixed content is generally a bad idea. Firefox treats mixed content as "no SSL protection" which solves most issues with it. If you propose a feature you should also explain why that feature is useful.

For example, adblockplus.org supports HTTPS for all of its content. However, the YouTube video on the start page doesn't, and it's the same problem with many of the images that users add to their forum posts (imageshack.us, imgur.com and others). What do you hope to achieve by blocking them?
Wladimir Palant
ABP Developer
 
Posts: 8332
Joined: Fri Jun 09, 2006 6:59 pm
Location: Cologne, Germany

Re: Feature Request: Blocking HTTP content when using HTTPS

Post by Anti-Ad » Thu Dec 15, 2011 7:39 pm

This is a very useful feature which should be added, but on a per-domain basis. Users could make a quick per-domain selection to block the HTTP content, or they could subscribe to lists of sites whose usability is not impacted by ditching everything still being served over HTTP.

This feature would work in a good combination with HTTPS Everywhere. When HTTPS Everywhere is rerouting all connections to a domain through HTTPS, ABP could do a good job killing off the third-party HTTP content, which is almost always going to be unwanted junk.

Isohunt is a good example. I just looked at that site and everything which might be wanted comes over HTTPS. Isohunt has a rule in HTTPS Everywhere, as does the potentially wanted third party content from Facebook. The only non-HTTPS content on Isohunt is advertising detritus.
Anti-Ad
 

Re: Feature Request: Blocking HTTP content when using HTTPS

Post by Stasis » Fri Dec 16, 2011 3:06 am

@Wladimir Palant

Blocking HTTP content when connecting to HTTPS sites allows Firefox to establish a fully secured connection to those sites, which aids against snooping attacks. Of course, I know that many sites suffer usability issues if HTTP content is blocked, due to drawing content from unsecured connections, but this blocking could also be used to block advertisers on SSL-secured sites. Most average users (I think) expect HTTPS to be secure, but some sites draw their advertisements or tracking scripts from HTTP connections, even though their own content is supposedly encrypted; as you just said, Firefox sees all the content as lacking protection, so users wouldn't know that their information could still be compromised. Regardless, adding protocol restriction to ABP just increases usability, since someone may want to block all images only on HTTPS domains, or all objects on HTTP, etc. I am sure that people would find more uses for it if it were added than I can think of. Like Anti-Ad said, a subscription list for this could potentially improve general internet security. Thanks for reading! Please let me know if anything I said isn't true (I'm still learning).
Stasis
 

