Show exactly what is being blocked when clicking the extension.

[Melih]

Sure the trackers are blocked but you've still given them the information when signing up, like e-mail and real-name which they are able to sell to third parties, once signed up there isn't much more you can do about it, but if PrivDog would "bark" and show a notification when you reach their sign-up page, which says that the company is known for selling the information you provide them in the form, it may make users re-think about using their real information.

I see what you mean...its difficult find out programatically what they do with your email behind the scenes...but maybe a user reported scoring facility of some sort would be useful..

[Melih]

I mean for example. I want it to ComodoDragon, but do not want to Ice.
Just when it will be for IE.
 just wanted to choose where to install.

It turns out you need to install on all browsers?
Where is the guarantee that it will not conflict with other add-ons?

You don't have to install in all browser...we will enable so that you can choose..
but the problem is....you might be protected using the browser u have privdog in but the other might "leak your privacy" ..its an area we must consider...

[Sanya IV Litvyak]

I see what you mean...its difficult find out programatically what they do with your email behind the scenes...

Yes indeed, which is why I wrote known to share the information.

but maybe a user reported scoring facility of some sort would be useful..

Similar to web of trust? I can see that, as long as it's optional.

I don't know if it's possible or even useful but perhaps something that warns of dodgy privacy policy on the site you are signing up for? I don't know how it would work but lets say that when you open the sign-up page, PrivDog scans for a privacy policy or EULA and if found it scans through it to see if there is anything dodgy. Like I said, I don't know if it would be useful, probably it wouldn't be useful since most privacy policies are dodgy. 

[Eugene 66]

Melih.
Thanks for the reply.
I'm sorry SanyaIV for my
Success.

[Sanya IV Litvyak]

Hmm, perhaps a function similar to HTTPS everywhere? And perhaps a warning if a user is trying to fill in a form on a insecure page (not https)?

[Nige_39]

Hmm, perhaps a function similar to HTTPS everywhere? And perhaps a warning if a user is trying to fill in a form on a insecure page (not https)?

That would be Interesting if that did take place.

But SanyaIV The Current HTTPS everywhere does have that Feature already as a separate Extension. 

But I've not seen a warning telling you of a insecure page http. The only thing I've noticed is that HTTPS everywhere just pop-ups in the address bar on the far right.

[Sanya IV Litvyak]

That would be Interesting if that did take place.

But SanyaIV The Current HTTPS everywhere does have that Feature already as a separate Extension. 

But I've not seen a warning telling you of a insecure page http. The only thing I've noticed is that HTTPS everywhere just pop-ups in the address bar on the far right.

HTTPS everywhere and PrivDog conflicts for me. PrivDog will try to do one thing but won't be able to because HTTPS Everywhere is doing something else and somehow has "more right" to do so, hence I don't use HTTPS Everywhere and is the reason I suggested it.

[JoWa]

PrivDog will try to do one thing but won't be able to because HTTPS Everywhere is doing something else and somehow has "more right" to do so

It was the other way around for me.

[Sanya IV Litvyak]

It was the other way around for me.

Hmm PrivDog must have a higher "priority" for you, is there any way to manipulate that? Though in my opinion all browsers should come with a prefer HTTPS feature within the source code, one should not need an extension for that.

[JoWa]

Hmm PrivDog must have a higher "priority" for you, is there any way to manipulate that?

Not any that I know of.

Though in my opinion all browsers should come with a prefer HTTPS feature within the source code, one should not need an extension for that.

Actually there is: HTTP Strict Transport Security. HSTS has one weakness though:

The HSTS header can be stripped by the attacker if this is the user's first visit.

The solution is to have an HSTS-list in the browser, and Google maintains such a list: transport_security_state_static.json
Users can also add domains to that list, by opening chrome://net-internals/#hsts
Dragon even has a button for that: Force Secure Connections
But HTTPS Everywhere is still a good and useful complement to HSTS. It has lots of domains.
Sorry for the  -stuff.

[Sanya IV Litvyak]

Not any that I know of.Actually there is: HTTP Strict Transport Security. HSTS has one weakness though:The solution is to have an HSTS-list in the browser, and Google maintains such a list: transport_security_state_static.json
Users can also add domains to that list, by opening chrome://net-internals/#hsts
Dragon even has a button for that: Force Secure Connections
But HTTPS Everywhere is still a good and useful complement to HSTS. It has lots of domains.

I don't really know how to use HSTS.  

Sorry for the  -stuff.

Well I'm the author of this topic so I hope I have the right to allow off-topic talk, however if you think about it, it's not really off-topic, it's just a continuation, a normal evolution of a conversation. One reason I don't really love forums is because you can not talk as if it's a conversation, conversations evolve and touche several points, forums only allows one line and if you stray from it you get a warning. However I could see why forums would need order.  

Anyway, I also tried it with KB SSL Enforcer which is my pick of the https extensions, but I still have the same issue, see pic.

Edit: Damn it, forgot to crop the image  Whatever I have nothing to hide in the rest.

[attachment deleted by admin]

[JoWa]

I don't really know how to use HSTS.  

If a site has enabled strict security (and your browser supports it), you use it without knowing it or doing anything special. Try to go to http://www.paypal.com or http://mega.co.nz and you will be redirected from http to https.
If you want to add domains just type/paste chrome://net-internals/#hsts in Chrome’s address-bar and start adding them. In Dragon you can click on the padlock to add the domain you currently visit.

Well I'm the author of this topic so I hope I have the right to allow off-topic talk, however if you think about it, it's not really off-topic, it's just a continuation, a normal evolution of a conversation. One reason I don't really love forums is because you can not talk as if it's a conversation, conversations evolve and touche several points, forums only allows one line and if you stray from it you get a warning. However I could see why forums would need order.  

Indeed.

Anyway, I also tried it with KB SSL Enforcer which is my pick of the https extensions, but I still have the same issue, see pic.

KB SSL Enforcer works quite differently. It has no domain-list, but instead looks for https when you go to a domain. So if you type www.comodo.com, your browser will first connect to http://www.comodo.com and KB SSL Enforcer will then redirect to https://www.comodo.com/ HTTPS Everywhere and the HSTS-list will tell the browser beforehand to use https (if the domain is in the lists, ofcourse).

[Sanya IV Litvyak]

If a site has enabled strict security (and your browser supports it), you use it without knowing it or doing anything special. Try to go to http://www.paypal.com or http://mega.co.nz and you will be redirected from http to https.
If you want to add domains just type/paste chrome://net-internals/#hsts in Chrome’s address-bar and start adding them. In Dragon you can click on the padlock to add the domain you currently visit.

Oh, alright that seems simple.

KB SSL Enforcer works quite differently. It has no domain-list, but instead looks for https when you go to a domain. So if you type www.comodo.com, your browser will first connect to http://www.comodo.com and KB SSL Enforcer will then redirect to https://www.comodo.com/ HTTPS Everywhere and the HSTS-list will tell the browser beforehand to use https (if the domain is in the lists, ofcourse).

Indeed however if the domain isn't in the list it will take you to the http instead of https site, right? In that case you might want to have something that redirects you to the https site

I'm now trying to use HTTPS everywhere and KB SSL Enforcer and PrivDog together... so many conflicts.

[Nige_39]

HTTPS everywhere and PrivDog conflicts for me. PrivDog will try to do one thing but won't be able to because HTTPS Everywhere is doing something else and somehow has "more right" to do so, hence I don't use HTTPS Everywhere and is the reason I suggested it.

Well for me I get no conflicts.

I have HTTPS everywhere: Active, but only comes into force when I go to a page that the address bar goes green or on other pages that need it are set for HTTPS depending on their Connections etc.

I also have Privdog Fully Enabled with this setup:

Trackers Block
3rd Party Widgets Block
Ads Block all Ad Networks
Statistics Block

Also I have Disconnect active all the time

And all 3 run in harmony on my Main Machine & Laptop with Win 7 Home Premium 32 bit

So I can't understand how you have problems.

O well I guess there will be an Explanation/Fix soon

Regards

Nige

[Sanya IV Litvyak]

Well for me I get no conflicts.

I have HTTPS everywhere: Active, but only comes into force when I go to a page that the address bar goes green or on other pages that need it are set for HTTPS depending on their Connections etc.

I also have Privdog Fully Enabled with this setup:

Trackers Block
3rd Party Widgets Block
Ads Block all Ad Networks
Statistics Block

Also I have Disconnect active all the time

And all 3 run in harmony on my Main Machine & Laptop with Win 7 Home Premium 32 bit

So I can't understand how you have problems.

O well I guess there will be an Explanation/Fix soon

Regards

Nige

I think it's because I allow ads from trusted sources which means that instead of blocking an ad it will replace it with an address to AdTrustMedia which HTTPS Everywhere does not agree with so HTTPS Everywhere redirects the element to some emediate or something url.

Edit: Yup, just tested with setting PrivDog to block all ads, then I get no conflicts. Heh though I still get conflicts for facebook button for an extension I hate seeing that button in chrome go yellow/orange.