StumbleUpon should treat http and https urls as the same

  • Idea
  • Updated 3 years ago
  • Under Consideration
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members.

https://www.gmail.com and http://www.gmail.com are the same, so when I get re-directed to an https site while stumbling, my thumbs down shouldn't fail because the https site hasn't been liked, and vice versa, my thumbs up shouldn't re-direct me to the submit new stumble page. (FYI, I used gmail as an example only.)
Photo of geeknik

geeknik, Champion

  • 433 Posts
  • 47 Reply Likes
  • frustrated

Posted 3 years ago

  • 2
Photo of Xian

Xian

  • 102 Posts
  • 3 Reply Likes
thanks for the feedback!
one concern I have is that for some sites, the https and http versions of the page are not the same.
for example, this url:
http://online.wsj.com/article/SB10001...

it's an interesting point to consider though.
Photo of geeknik

geeknik, Champion

  • 433 Posts
  • 47 Reply Likes
True. However, it's quite annoying when I use the HTTPS Everywhere extension in Chrome and I'm stumbling and get re-directed to the HTTPS version of the page seamlessly and click 'I like it!' and have to fill out the submission form because it's a "new" site. I know you guys do 404 checking in the background, maybe some sort of heuristics to see if the pages are the same? I dunno, you guys are the big data experts, I'm just me. ;)
Photo of benadamx

benadamx, Engineering Manager

  • 921 Posts
  • 181 Reply Likes
Official Response
Hey Guys,

As a general matter of policy (and due to a wide variety of security and other technical concerns), we've just not allowed the submission of https urls; due to an oversight in the v5 design we let that policy lapse for a bit, but will be closing that loophole shortly and again disallowing https urls.

Sorry for any inconvenience this may cause, but it's essentially not on the table for further changes at this time.
Photo of geeknik

geeknik, Champion

  • 433 Posts
  • 47 Reply Likes
So what this means is that anyone who values privacy and security and uses the HTTPS Everywhere extension in Firefox or Chrome will have to disable it while stumbling. Excellent.
Photo of Serinadruid

Serinadruid

  • 180 Posts
  • 104 Reply Likes
The trouble the fact that your bosses outsourced the construction of the latest version is that nearly everything is a "big project" for you guys since you didn't write the original code (imo).
Photo of benadamx

benadamx, Engineering Manager

  • 921 Posts
  • 181 Reply Likes
that's just blatantly false; we wrote all the code in-house. the only parts that saw external consultation were the appearance.

adding https support would be a big project regardless of the redesign.
Photo of Gladsdotter

Gladsdotter, Champion

  • 1439 Posts
  • 666 Reply Likes
@Ben, does that mean we will no longer be able to discuss GS threads via share? The people who still care about SU do that a lot!
Photo of benadamx

benadamx, Engineering Manager

  • 921 Posts
  • 181 Reply Likes
that may well be the case, unless GS provides a way to disable https.

supporting https is not a quick fix, we can't just turn it back on for this one use case (or any other given use case) regardless of the convenience factor;
having https submissions mistakenly enabled for the last few months has inadvertently caused a wide variety of service degradations sitewide (and across many of the clients) because we don't yet have infrastructure in place to properly support it (and indeed, with the current state of https technology, it's not yet clear that there even is a reasonable way to support it).
Photo of Serinadruid

Serinadruid

  • 180 Posts
  • 104 Reply Likes
More and more sites are becoming https because it is more secure. Does StumbleUpon not value internet security?
Photo of Gladsdotter

Gladsdotter, Champion

  • 1439 Posts
  • 666 Reply Likes
Thanks for the explanation, Ben. I appreciate that this is a technical issue and something beyond your own control, but to users who find that they can no longer share GS threads the change is going to reek of censorship. Can someone at SU contact GS about whether disabling https is possible?

For anyone who doubts these threads are being shared, see the number of views on these recent ones:
http://www.stumbleupon.com/content/19...
http://www.stumbleupon.com/content/2u...
http://www.stumbleupon.com/content/6I...
http://www.stumbleupon.com/content/2T...

Many other GS threads, established before GS switched from http to https have views and comments that aren't reflected in their current info. pages, since SU treats the http and https pages as separate entities. For example:

http://www.stumbleupon.com/content/1S... and http://www.stumbleupon.com/content/2a...

This forum is one of the last formats in which users are able to discuss and share SU issues. We say things via share that we cannot say in these forum threads themselves--the comments you would delete if they were posted here. I truly fear that in disabling that, you are going to drive away your last vestige of truly loyal longtime users.
Photo of Serinadruid

Serinadruid

  • 180 Posts
  • 104 Reply Likes
...and there aren't enough of us left to waste imo
Photo of anitab

anitab

  • 236 Posts
  • 91 Reply Likes
if that is so.. i would ask people to stop sharing and speak up. i, of course... am tired of all that... and just share cats. :)
Photo of Serinadruid

Serinadruid

  • 180 Posts
  • 104 Reply Likes
If something can't be worked out so that GS threads can be shared then perhaps a new avenue for feedback should be considered.

Personally, I think it is really important that SU work on the ability to be able to share https in general though.
Photo of benadamx

benadamx, Engineering Manager

  • 921 Posts
  • 181 Reply Likes
Hey Guys,

Just to clarify my previous statement - I don't mean to imply that we're never going to look into this, but as I mentioned before it'd be a very big project, and as many other big projects are already fully scheduled for development, it's unlikely stumbling https will see any action before Q4 2012 (if not Q1 2013).

(and that's as concrete a statement as I can offer on the topic, as I'm not the guy that schedules things or decides which major projects take scheduling priority).
Photo of benadamx

benadamx, Engineering Manager

  • 921 Posts
  • 181 Reply Likes
(and on that note, I'll switch the topic status to 'under consideration')
Photo of peter eckersleyPE

peter eckersley

  • 1 Post
  • 2 Reply Likes
Just so you're aware, there are currently around 1.5 - 2 million people running various versions of the HTTPS Everywhere browser extensions. I guess this is StumbleUpon stating that it will be almost impossible for these people to use SU for the next six months.

There /are/ some legitimate reasons to treat certain kinds of HTTPS URLs as confidential, but that's also true of HTTP URLs; it's just that URL and especially the path and query parameters have slightly better protection against network surveillance in the HTTPS case. In either case, having permission from a human with a copy of the URL should be a reasonable standard for propagating it.

This conversation is no longer open for comments or replies.