
Always use secure connection to UK Indymedia sites - Firefox add-on

Rogue Radish | 07.09.2010 16:42 | Indymedia | Technology

Here's how you can set Firefox to always use secure (encrypted) connections on UK Indymedia sites.

Indymedia recommend that you connect to sites using a secure connection. This means connecting to:
 https://www.indymedia.org.uk/en/
Instead of
 http://www.indymedia.org.uk/en/
(i.e. https at the beginning instead of http)

You can read about why to do this and what a secure connection is here (also contains useful information about accepting certificates):  https://www.indymedia.org.uk/en/static/security.html

If you use the Firefox browser (  http://www.mozilla-europe.org/en/firefox/ ), those lovely people at The Tor Project (  https://www.torproject.org/ ) and the Electronic Frontier Foundation (  https://eff.org/ ) have written an add-on that allows you to default to the secure connection for websites called HTTPS Everywhere. This means that even if you type  http://www.indymedia.org.uk/en/ you will be taken to the secure version of the site.

The add-on does not, by default, include rules for UK Indymedia sites. So I thought I'd write some. So, if you want to make sure that you use a secure connection when you browse Indymedia sites based in the UK, here is how to do it.

1. Install the add-on. You can get the add-on from EFF here:  https://www.eff.org/https-everywhere

2. Add the UK Indymedia sites rule to the add-on by copying the attached file into the HTTPSAnywhere subdirectory of your Firefox profile (help on finding your profile:  http://kb.mozillazine.org/Profile_folder_-_Firefox )

3. Restart Firefox. Make sure that the HTTPSAnywhere add-on is enabled and that the 'UK Indymedias' box is checked in the preferences. If you need to change the preferences, restart Firefox again.

4. Check that it is working. This link:  http://oxford.indymedia.org.uk should take you to this address:  https://www.indymedia.org.uk/en/regions/oxford/

NOTES

a. If you spot anything that is not working, or if I have missed off any sites, please say so in the comments and I will update the script.

b. I am not a techie, and I think there might be a better way of writing the rules. If you can do so, please add it to the comments. The instructions for writing rules are here:  https://www.eff.org/https-everywhere/rulesets

c. The xml file is provided as is. I've tried to make sure it works, but use of the rules is at your own risk.


Hope this helps. Happy IMC surfing.

Rogue Radish

Additions

comprehensive ruleset for all international Indymedia sites

09.09.2010 01:15

I've spent several hours checking all Indymedia sites linked from the front page to see if they accept encrypted URLs, and here is the resulting ruleset for use with HTTPS Everywhere. Let me know if you find something that isn't covered by this, or that doesn't work.

<ruleset name="Indymedia">

<!-- the main indymedia.org and indymedia.org.uk domains -->
<rule from="^http://(www\.)?indymedia\.org(\.uk)?" to="https://www.indymedia.org$2"/>
<!-- london.indymedia.org.uk is different to indymedia.org.uk/en/regions/london/ -->
<rule from="^http://(www\.)?london\.indymedia\.org\.uk" to="https://london.indymedia.org.uk"/>
<!-- Nottingham has its own setup -->
<rule from="^http://(www\.)?nott(ingham|s)\.indymedia\.org\.uk" to="https://nottingham.indymedia.org.uk"/>
<!-- Bristol has its own setup under the indymedia.org domain -->
<rule from="^http://(www\.)?bristol\.indymedia\.org" to="https://bristol.indymedia.org"/>
<!-- All other UK regions are in region subdirectories of the main indymedia.org.uk domain -->
<rule from="^http://(www\.)?(birmingham|cambridge|liverpool|manchester|oxford|scotland|sheffield|southcoast|world)\.indymedia\.org\.uk"
to="https://www.indymedia.org.uk/en/regions/$2"/>
<!-- Scotland has its own domain as well now, indymediascotland.org, but that doesn't have an encrypted URL -->
<!-- Northern Indymedia has its own domain -->
<rule from="^http://(www\.)?(northern-|northern\.)indymedia\.org" to="https://northern.indymedia.org"/>

<!-- The print and satellite projects aren't encrypted, but radio and video are -->
<rule from="^http://(www\.)?(radio|video)\.indymedia\.org" to="https://$2.indymedia.org"/>

<!-- Some international Indymedias have encrypted sites, others don't.
Many of them have self-signed or invalid certificates, so your browser might complain, but you can override it. -->

<!-- Africa -->
<rule from="^http://(www\.)?(estrecho|kenya|southafrica)\.indymedia\.org" to="https://$2.indymedia.org"/>

<!-- Canada -->
<rule from="^http://(www\.)?(maritimes|bc)\.indymedia\.org" to="https://$2.indymedia.org"/>

<!-- East Asia -->
<rule from="^http://(www\.)?(qc)\.indymedia\.org" to="https://$2.indymedia.org"/>
<!-- Europe -->
<rule from="^http://(www\.)?(abruzzo|athens|austria|barcelona|belarus|bxl|brussels|calabria|emiliaromagna|euskalherria|grenoble|istanbul|italy|linksunten|madrid|malta|nantes|ovl|paris|piemonte|roma|switzerland|torun|toscana|ukraine)\.indymedia\.org"
to="https://$2.indymedia.org"/>
<rule from="^http://(www\.)?indymedia\.ie" to="https://www.indymedia.ie"/>
<rule from="^http://(www\.)?indymedia\.nl" to="https://www.indymedia.nl"/>

<!-- Latin America -->
<rule from="^http://(www\.)?(argentina|bolivia|sucre|colombia|ecuador|peru|qollasuyu|rosario|santiago|uruguay|venezuela)\.indymedia\.org"
to="https://$2.indymedia.org"/>

<!-- Oceania -->
<!-- nothing yet -->

<!-- South Asia -->
<!-- nothing yet -->

<!-- United States -->
<rule from="^http://(www\.)?(arizona|hawaii|houston|sandiego|seattle)\.indymedia\.org"
to="https://$2.indymedia.org"/>
<rule from="^http://(www\.)?indybay\.org" to="https://www.indybay.org"/>

<!-- West Asia -->
<rule from="^http://(www\.)?(israel)\.indymedia\.org" to="https://$2.indymedia.org"/>

<!-- Topics -->
<rule from="^http://(www\.)?(biotech)\.indymedia\.org" to="https://$2.indymedia.org"/>

<!-- Process -->
<!-- Ironically, tech.indymedia.org doesn't have a https site -->
<rule from="^http://(www\.)?(lists|docs)\.indymedia\.org" to="https://$2.indymedia.org"/>

</ruleset>


anon


@ comprehensive ruleset for all international Indymedia sites

09.09.2010 18:31

Nice one anon - works for me.

I put the script on my blog here so that people can see and copy it without the space that gets added when this site turns URLs into links (like this to=" https://london.indymedia.org.uk )

Here's the script without spaces ...
 http://penguin.ox4.org/node/397

When it's fully tested, I think it's worth sending to EFF to include as a standard part of HTTPS Everywhere.

penguin


Comments


Here's the attachment

07.09.2010 17:01

Whoops, something went wrong. Hopefully here's the attachment

Radish


Here's the attachment

07.09.2010 17:22

Seems you can't upload .xml files. Here's the attachment as a .txt file. You will need to rename it to UK.Indymedia.xml before saving it in your profile page.

Radish


INDYMEDIA MODS CAN YOU HELP?

07.09.2010 17:29

Seems I can't upload the file in either xml or txt format. I ftp'ed both formats and attached them to my comments but they seem to have vanished. And I can't paste the xml into the body of the article. The article is useless without the file. Can you either find a way of posting the file or delete the article (which would be a shame as I thought it was a useful tool).

Cheers

Radish


what to do

07.09.2010 22:20

after downloading installing firefox and https everywhere;


copy paste all the below code into a notepad and save the file as "indymedia https":






open up a folder and click

1. "Tools", and select "Folder Options"
2. click the "view" tab & make sure the "hide extensions for known file types" is NOT ticked.
3. change your saved notepad with the above text from "indymedia https.txt" to "indymedia https.xml"
4. put that file into the firefox, https add on folder that can be located following the instructions on this page:  http://kb.mozillazine.org/Profile_folder_-_Firefox

for windows click here:  http://kb.mozillazine.org/Profile_folder_-_Firefox#Windows

example:

On Windows 2000, Windows XP, Windows Vista, and Windows 7

1. Press "Windows key + R" to open the Run box
(or, you can click "Start → Run..." on Windows 2000/XP)
2. In the Run box, type in %APPDATA%
3. Click OK. A Windows Explorer window will appear.
4. In this window, choose Mozilla → Firefox → Profiles.

then keep clicking through the folders until you come to the add-ons folder and simply move the xml (txt) file into the https folder.

NB. remember to recheck "Folder Options", "view", "hide extensions for known file types" as if you change the name and lose the extension the pc will not know how to open the apps/docs, etc!

good luck and hope this helps.

help


Error message in browser

07.09.2010 22:31


"www.indymedia.org.uk uses an invalid security certificate"

Could someone please make sure that the certificate is valid? Thanks...


invalid


re: invalid security certificate

07.09.2010 23:12

The security certificate isn't really invalid, it's just your browser can't vouch for its authenticity.

Indymedia sends you its encryption key so that the web traffic can be encrypted, so how do you know it is genuine and hasn't been tampered with en route by an evil government and replaced with a bogus encryption key?

Basically the keys can be digitally signed by a trusted authority who confirms they are genuine. Browsers come pre-loaded with a few key-signing authorities, and you just have to trust they are OK. But if Indymedia's keys aren't signed by any of the authorities contained in your browser, it can't confirm the encryption key is genuine.

In Firefox you can click on the padlock icon at the lower right to see the certificate details. In Indymedia's case it appears to be signed by cacert.org

If your browser doesn't have cacert.org as a trusted authority then it will give warning messages when visiting the indymedia website with a https:// URL.

anon


howto for Linux users

07.09.2010 23:28

This works for me using Linux:

go to ~/.mozilla/firefox/dftghdfgh.default/HTTPSEverywhereUserRules/
(the exact name before .default will vary)

create a text file here called indymedia.xml and put this in it (hopefully Indymedia won't mangle or remove this):

<ruleset name="Indymedia">
<rule from="^http://([^/:@]*)\.indymedia\.org\.uk" to="https://$1.indymedia.org.uk"/>
</ruleset>

restart Firefox.

Now it should work for Indymedia. Under Tools/Add-ons/HTTPS-Everywhere/Preferences you should see Indymedia listed.

Hopefully this process will become easier in time.

anon


The full xml file

08.09.2010 15:59

Here's the full xml file I originally tried to post.

@ howto for Linux users
I like your use of regular expressions (they're beyond me), but I don't think that your script will cover every circumstance. For example:
Bristol - use the address ***.org (not ***.org.uk)
Many others use  http://www.indymedia.org.uk/en/regions/[region]

Hence I came up with the very verbose xml below that (AFAIK) covers all the bases. I'm sure that somebody more techie than me could shorten this by using regular expressions.

BTW - Indymedia seems to strip code pasted in comments and articles. Probably a very sensible security function. The way to post opening and closing tags (< and >) is to use html entities. So use &.lt; for < and &.gt; for > (without the dot in both cases).


See comment 'what to do' for how to use this on Windows and 'howto for Linux users' on how to use this on Linux.


<ruleset name="UK Indymedias">
<rule from="^http://indymedia\.org\.uk" to="https://www.indymedia.org.uk"/>
<rule from="^http://www\.indymedia\.org\.uk" to="https://www.indymedia.org.uk"/>
<rule from="^http://indymedia\.org\.uk/en/regions/birmingham" to="https://www.indymedia.org.uk/en/regions/birmingham"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/birmingham" to="https://www.indymedia.org.uk/en/regions/birmingham"/>
<rule from="^http://www\.birmingham\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/birmingham"/>
<rule from="^http://birmingham\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/birmingham"/>
<rule from="^http://bristol\.indymedia\.org" to="https://bristol.indymedia.org"/>
<rule from="^http://www\.bristol\.indymedia\.org" to="https://bristol.indymedia.org"/>
<rule from="^http://indymedia\.org\.uk/en/regions/cambridge" to="https://www.indymedia.org.uk/en/regions/cambridge"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/cambridge" to="https://www.indymedia.org.uk/en/regions/cambridge"/>
<rule from="^http://www\.cambridge\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/cambridge"/>
<rule from="^http://cambridge\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/cambridge"/>
<rule from="^http://indymedia\.org\.uk/en/regions/oxford" to="https://www.indymedia.org.uk/en/regions/oxford"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/oxford" to="https://www.indymedia.org.uk/en/regions/oxford"/>
<rule from="^http://www\.oxford\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/oxford"/>
<rule from="^http://oxford\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/oxford"/>
<rule from="^http://indymedia\.org\.uk/en/regions/liverpool" to="https://www.indymedia.org.uk/en/regions/liverpool"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/liverpool" to="https://www.indymedia.org.uk/en/regions/liverpool"/>
<rule from="^http://www\.liverpool\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/liverpool"/>
<rule from="^http://liverpool\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/liverpool"/>
<rule from="^http://london\.indymedia\.org\.uk" to="https://london.indymedia.org.uk"/>
<rule from="^http://www\.london\.indymedia\.org\.uk" to="https://london.indymedia.org.uk"/>
<rule from="^http://indymedia\.org\.uk/en/regions/london" to="https://www.indymedia.org.uk/en/regions/london"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/london" to="https://www.indymedia.org.uk/en/regions/london"/>
<rule from="^http://indymedia\.org\.uk/en/regions/manchester" to="https://www.indymedia.org.uk/en/regions/manchester"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/manchester" to="https://www.indymedia.org.uk/en/regions/manchester"/>
<rule from="^http://www\.manchester\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/manchester"/>
<rule from="^http://manchester\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/manchester"/>
<rule from="^http://northern-indymedia\.org" to="https://northern-indymedia.org"/>
<rule from="^http://www\.northern-indymedia\.org" to="https://northern-indymedia.org"/>
<rule from="^http://scotland\.indymedia\.org" to="https://scotland.indymedia.org"/>
<rule from="^http://indymedia\.org\.uk/en/regions/scotland" to="https://www.indymedia.org.uk/en/regions/scotland"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/scotland" to="https://www.indymedia.org.uk/en/regions/scotland"/>
<rule from="^http://indymedia\.org\.uk/en/regions/southcoast" to="https://www.indymedia.org.uk/en/regions/southcoast"/>
<rule from="^http://www\.indymedia\.org\.uk/en/regions/southcoast" to="https://www.indymedia.org.uk/en/regions/southcoast"/>
<rule from="^http://www\.southcoast\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/southcoast"/>
<rule from="^http://southcoast\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/southcoast"/>
<rule from="^http://sheffield\.indymedia\.org\.uk" to="https://sheffield.indymedia.org.uk"/>
<rule from="^http://www\.sheffield\.indymedia\.org\.uk" to="https://sheffield.indymedia.org.uk"/>
<rule from="^http://sheffield\.indymedia\.org\.uk" to="https://sheffield.indymedia.org.uk"/>
</ruleset>

Radish


regular expressions

08.09.2010 17:13

Well in this:

<rule from="^http://([^/:@]*)\.indymedia\.org\.uk" to="https://$1.indymedia.org.uk"/>

The [^/:@] just means any character that isn't /, : or @. (The ^ at the start inside square brackets means anything not in this list. The ^ before the http has a totally different meaning: the start of the line.)
The * means repeated zero or more times.
The brackets () are so you can refer back to the string as $1 from the second expression.

It's true my version doesn't handle the local indymedias properly. I might try to do one that does them OK.

It seems that e.g.  http://liverpool.indymedia.org.uk/ redirects to  http://www.indymedia.org.uk/en/regions/liverpool but this is done after the https substitution is done, so by then it is too late.

Maybe an enhancement to the plugin could follow any redirects first before changing the URL to https. I'm not sure if that is possible without leaking data though, since you don't know if there is a redirect until you connect.

It would appear that in general it is better to put links to the local indymedias in the form  http://www.indymedia.org.uk/en/regions/blah instead of  http://blah.indymedia.org.uk/

anon
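
The rule matching discussed in this thread, as an added example that is not part of any comment here or of HTTPS Everywhere's own code: a small JavaScript model that tries rules in order, applies the first whose `from` matches, and flags the whitespace and unescaped-dot defects mentioned in the comments above. The function names and the shortened sample rulesets are constructed for illustration, and the rule extraction only handles simple one-element `<rule from=... to=.../>` entries like these.

```javascript
// Added illustration: a minimal model of applying an HTTPS Everywhere-style ruleset.
// Sample rulesets are constructed from rules quoted on this page (shortened).
const WILDCARD = String.raw`<rule from="^http://([^/:@]*)\.indymedia\.org\.uk" to="https://$1.indymedia.org.uk"/>`;
const REGIONAL = String.raw`
<rule from="^http://(www\.)?(liverpool|oxford)\.indymedia\.org\.uk" to="https://www.indymedia.org.uk/en/regions/$2"/>
<rule from="^http://(www\.)?indymedia\.org\.uk" to="https://www.indymedia.org.uk"/>`;
// As the site displayed it: a space after ^ and before https, dots unescaped.
const MANGLED = String.raw`<rule from="^ http://oxford.indymedia.org.uk" to=" https://www.indymedia.org.uk/en/regions/oxford"/>`;

// Pull from/to pairs out of simple <rule .../> elements (not a full XML parser).
function parseRules(xml) {
  const rules = [];
  const re = /<rule\s+from="([^"]*)"\s+to="([^"]*)"\s*\/>/g;
  let m;
  while ((m = re.exec(xml)) !== null) rules.push({ from: m[1], to: m[2] });
  return rules;
}

// Rules are tried in order; the first one whose pattern matches rewrites the URL.
function rewrite(rules, url) {
  for (const r of rules) {
    const re = new RegExp(r.from);
    if (re.test(url)) return url.replace(re, r.to);
  }
  return url; // nothing matched: the request stays on plain http
}

// Flag the two defects that stop a rule doing what its author meant.
function lint(rules) {
  const problems = [];
  rules.forEach((r, i) => {
    if (/\s/.test(r.from) || /\s/.test(r.to))
      problems.push(`rule ${i + 1}: whitespace in from/to`);
    if (/(^|[^\\])\.(?![*+?])/.test(r.from))
      problems.push(`rule ${i + 1}: unescaped "." matches any character`);
  });
  return problems;
}

const sample = "http://liverpool.indymedia.org.uk/";
console.log(rewrite(parseRules(WILDCARD), sample)); // subdomain kept
console.log(rewrite(parseRules(REGIONAL), sample)); // mapped to the region path
console.log(rewrite(parseRules(MANGLED), "http://oxford.indymedia.org.uk/"));
console.log(lint(parseRules(MANGLED)));
```

A rule that never matches fails silently: the URL simply stays on http, so running a checker like this over a ruleset before installing it catches the pasted-in spaces.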


OK but

12.09.2010 14:47

I understand why we need secure connections, but don't understand all the babble in most of the above comments.

Have you guys with the knowledge got it sorted out yet, and if so can you put a new, simplified, article up explaining things in easy layman's terms for we uninitiated.

Thanks

Technofobe


Step by step instructions

18.09.2010 18:27

Does this help people like Technofobe ?

 http://penguin.ox4.org/node/397

(revised 18 Sept 2010)

Penguin