penguin's playground

I try to use HTTPS when viewing web sites, so I was delighted to find HTTPS Everywhere - an add-on for Firefox that defaults to secure connections. Here's how the add-on makers describe it:

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

I'm a big fan of UK Indymedia, so imagine how happy I was to find out that somebody has written rules that mean the add-on can be used to defualt to HTTPS for all Indymedia sites worldwide that use encryption. The script was posted here. I've duplicated the script below since the Indymedia site turns some of it into links

I've tried to rewrite the remainder on this blog on 18 September 2010 to make it as accessible to non-tech people as possible. Comments welcome.

Stage 1: Install Firefox and HTTPS Everywhere

1. This only works on the Firefox browser. Make sure you have Firefox installed.
2. Once Firefox is installed, you need to download the extension (aka add-on). Go to the HTTPS Everywhere page. Scroll to the bottom of the page where there is a little table with headings called Attachements and size.
3. Click on the link to the latest stable version. This is currently https-everywhere-0.2.2.xpi (so, that's more recent than ...0.2.1, but probably more stable than ... 0.2.2.development.3.xpi).
4. This will install the add-on to your PC. You might get a warning on Firefox that says 'Firefox prevented this site (EFF.org) from installing software on your computer.' If so, click the 'allow' button.
5. Click the install button when it becomes available.
6. Restart Firefox. HTTPS Everywhere is now installed.

Stage 2: Add the Indymedia rules

1. By default, the HTTPS Everywhere add-on does not have the Indymedia rules (yet!). You will need to add them to your Firefox profile manually. The way to do this depends on your operating system. So, before you start on this section, find out where your Firefox profile is. Here are the instructions for Linux, Windows, and Macs.
2. Within your Firefox profile there will be a directory (aka folder) called HTTPSEverywhereUserRules. Go there.
3. Create a new file called indymedia.xml (if you are using Notepad on Windows, make sure to make sure 'save as type' is 'all file types').
4. Copy the script below into your new file, and save it.
5. Restart Firefox to allow the rules to come into effect.

Stage 3: Testing

1. Check that your new HTTPS Everywhere ruleset is working. Here are a few randomly chosen links you can try (but please read the next point before trying them): Oxford Indymedia, Arizonia Indymedia. If the add-on is working, you should be taken to a page that starts with https:// (and not http://)
2. Got a scary message about an untrusted site? Read this useful page from Indymedia about security.

Stage 4 Feedback

1. Please give me any feedback on this article below.
2. If you followed these instructions and they didn't work for you, I might be able to help. But please make sure you let me know what version of Firefox you are using, which operating system (including version), and be explict in what you have done and what is not working. For example, before getting in touch, check that HTTPS everywhere is running. Follow this link to the Wikipedia entry on penguins. If this does not redirect you to a URL called https://secure.wikimedia.org/wikipedia/en/wiki/Penguin then HTTPS Everywhere is not working and I cannot help you.
3. If you have any updates or improvements to the script, please let me know and I will update it.

Here's the script ...

UPDATE (2010-11-26): The script below will not work with versions of HTTPSEverywhere after 0.3. Somebody has published a revised ruleset

<ruleset name="Indymedia">
 
<!-- the main indymedia.org and indymedia.org.uk domains -->
<rule from="^http://(www\.)?indymedia\.org(\.uk)?" to="https://www.indymedia.org$2"/>
<!-- london.indymedia.org.uk is different to indymedia.org.uk/en/regions/london/ -->
<rule from="^http://(www\.)?london\.indymedia\.org\.uk" to="https://london.indymedia.org.uk"/>
<!-- Nottingham has its own setup -->
<rule from="^http://(www\.)?nott(ingham|s)\.indymedia\.org\.uk" to="https://nottingham.indymedia.org.uk"/>
<!-- Bristol has its own setup under the indymedia.org domain -->
<rule from="^http://(www\.)?bristol\.indymedia\.org" to="https://bristol.indymedia.org"/>
<!-- All other UK regions are in region subdirectories of the main indymedia.org.uk domain -->
<rule from="^http://(www\.)?(birmingham|cambridge|liverpool|manchester|oxford|scotland|sheffield|southcoast|world)\.indymedia\.org\.uk"
to="https://www.indymedia.org.uk/en/regions/$2"/>
<!-- Scotland has its own domain as well now, indymediascotland.org, but that doesn't have an encrypted URL -->
<!-- Northern Indymedia has its own domain -->
<rule from="^http://(www\.)?(northern-|northern.)indymedia\.org" to="https://northern.indymedia.org"/>
 
<!-- The print and satellite projects aren't encrypted, but radio and video are -->
<rule from="^http://(www\.)?(radio|video)\.indymedia\.org" to="https://$2.indymedia.org"/>
 
<!-- Some international Indymedias have encrypted sites, others don't.
Many of them have self-signed or invalid certificates, so your browser might complain, but you can override it. -->
 
<!-- Africa -->
<rule from="^http://(www\.)?(estrecho|kenya|southafrica)\.indymedia\.org" to="https://$2.indymedia.org"/>
 
<!-- Canada -->
<rule from="^http://(www\.)?(maritimes|bc)\.indymedia\.org" to="https://$2.indymedia.org"/>
 
<!-- East Asia -->
<rule from="^http://(www\.)?(qc)\.indymedia\.org" to="https://$2.indymedia.org"/>
<!-- Europe -->
<rule from="^http://(www\.)?(abruzzo|athens|austria|barcelona|belarus|bxl|brussels|calabria|emiliaromagna|euskalherria|grenoble|istanbul|italy|linksunten|madrid|malta|nantes|ovl|paris|piemonte|roma|switzerland|torun|toscana|ukraine)\.indymedia\.org"
to="https://$2.indymedia.org"/>
<rule from="^http://(www\.)?indymedia.ie" to="https://www.indymedia.ie"/>
<rule from="^http://(www\.)?indymedia.nl" to="https://www.indymedia.nl"/>
 
<!-- Latin America -->
<rule from="^http://(www\.)?(argentina|bolivia|sucre|colombia|ecuador|peru|qollasuyu|rosario|santiago|uruguay|venezuela)\.indymedia\.org"
to="https://$2.indymedia.org"/>
 
<!-- Oceania -->
<!-- nothing yet -->
 
<!-- South Asia -->
<!-- nothing yet -->
 
<!-- United States -->
<rule from="^http://(www\.)?(arizona|hawaii|houston|sandiego|seattle)\.indymedia\.org"
to="https://$2.indymedia.org"/>
<rule from="^http://(www\.)?.indybay\.org" to="https://www.indybay.org"/>
 
<!-- West Asia -->
<rule from="^http://(www\.)?(israel)\.indymedia\.org" to="https://$2.indymedia.org"/>
 
<!-- Topics -->
<rule from="^http://(www\.)?(biotech)\.indymedia\.org" to="https://$2.indymedia.org"/>
 
<!-- Process -->
<!-- Ironically, tech.indymedia.org doesn't have a https site -->
<rule from="^http://(www\.)?(lists|docs)\.indymedia\.org" to="https://$2.indymedia.org"/>
 
</ruleset>