Re: [libreplanet-discuss] Fwd: [BugProgramming] https (xrchz)

[Rudolf]

I just remembered there's a site for petitions, Change.org: http://www.change.org/

I would copy/paste from the EFF's HTTPS Everywhere site about why it's important: https://www.eff.org/https-everywhere

Maybe create a separate petition for each website that isn't doing this or collect them as a handful to gain more signatures. For example, Facebook, Google+ and MySpace could be targeted by the same petition. OKCupid and whatever other sites there are that are like it can be targeted by another petition.

Try and outline in the petition exactly what the issue is with the lack of HTTPS and make it so that the first paragraph can be understood by non-technical users. Same with when you share the petition; you need to make it clear how it affects ordinary non-technical users and what signing the petition will do.

-Rudolf O.

On 21 November 2012 09:51, Ramana Kumar <ramana@member.fsf.org> wrote:

On Wed, Nov 21, 2012 at 2:47 PM, Rudolf <omouse@gmail.com> wrote:

Is there an existing https everywhere campaign you can join?

The closest thing I can find is https://www.eff.org/https-everywhere
But that is not exactly a campaign.
Do you know of one?
 

I would also look into starting a petition somewhere. They usually don't get much done but you can gauge support for the idea and point to it in your emails.

Despite this being a technical issue as Will Rico points out, they can at least post an update on their blog about their progress on implementing https everywhere.

Thanks, these are good ideas. I would appreciate knowing if anyone else is interested.
 

On Nov 21, 2012 9:40 AM, "Ramana Kumar" <ramana@member.fsf.org> wrote:

Does this response (below) make sense technically?
I have my doubts.

If it doesn't then I invite others on list to join me in putting some pressure on OkCupid, starting with just showing them how to deploy https and keep their ads.

(If it does, then, depending on the details, perhaps that pressure should be directed at Google instead, to allow their ads to be embedded in sites served over https.)

I am also trying to get doodle.com to serve only https. They have completely ignored me so far. Some more voices could be helpful.
I know I can use https://dudle.inf.tu-dresden.de/ instead, which is better on a number of fronts, when I initiate the poll, but people still send me doodle polls every so often.

---------- Forwarded message ----------
From: Alice Goguen <alice@okcupid.com>
Date: Tue, Nov 20, 2012 at 4:38 PM
Subject: Re: [BugProgramming] https (xrchz)
To: ramana.kumar@gmail.com

Hi,

Thanks for your message. We can't offer https on the entire site because it would also prevent our ads from Google Ads from being served. Our developers are aware of the issue and would like to offer it when possible.

Thanks,

Alice

On Sun, Nov 18, 2012 at 1:50 AM, OkCupid User Feedback <bounces@mail1.oknotify2.com> wrote:

Could you please enable https everywhere? Or tell me what is your reason for selectively enabling https on only some portions of the site?

I use a _javascript_ blocker which doesn't allow scripts on non-secure sites. I've whitelisted okcupid.com, but it keeps apparently randomly switching back and forth between https and http, and then breaks on the http since it's so heavily _javascript_-based. (I had to switch to an untrusted one-off browser just to submit this bug report.)

I persist in demanding https despite it breaking sites like yours (though note it doesn't break bigger sites like Google or Wikipedia) because I want a better web. Some of the reasons are spelled out here: https://www.eff.org/https-everywhere/deploying-https.

USER FACTS:
-----------
User ID: 1134385026156797037
Username: xrchz