Remove right-wildcard targets (if possible)

[cschanaj]

This issue might take a long long long time to complete since a rewrite is not always possible.

Using a modified command from https://github.com/EFForg/https-everywhere/pull/11187#issuecomment-315766782

egrep -l '<target\s+host=\s*"[^"]*\.\*"\s*/>' *.xml

• [x] EBay.xml
• [x] Eventim.xml #10948
• [x] GoogleImages.xml (e8bb995071c473f4cb30596f42dcaf0a9b523d3a)
• [x] GoogleMaps.xml (30ac44802700ac9c964d53e447e99a75c181e60e)
• [x] GoogleShopping.xml (4c82624193b46e9079067124ced78d1e66713cf7)
• [ ] Google.tld_Subdomains.xml
• [x] GoogleVideos.xml
• [ ] Google.xml
• [x] Live-Nation.xml (#14255)
• [x] Ticketmaster.xml (#19215)
• [x] Wyndham.xml #12672
• [x] All-Inkl.xml #11054
• [x] Bytename.xml #11242
• [x] Capital-One-Connect.xml #11237
• [x] Directbox.xml #11246
• [x] EKomi.xml #11302
• [x] F5-mismatches.xml #12519
• [x] Foresters.xml #11205
• [x] GlobalSign.xml #11201
• [x] GymGlish.xml, GymGlish-problematic.xml #11278
• [x] ~HSBC.xml~ (does not use a right-wildcard)
• [x] Jako-O.xml #11248
• [x] KickNews.xml #11202
• [x] Kimberly-Clark.xml #11249
• [x] Krisostomus.xml #11056 ~#11200~
• [x] LoveFilm.xml #11207
• [x] Nokia.xml #11285
• [x] Nordea.xml #11250
• [x] Planet-Work.xml #11239
• [x] Red_Bull.xml #11852
• [x] Rochesterhomepage.net.xml #11551
• [x] SamKnows.xml #11206
• [x] Servage.net.xml #11245
• [x] ShopStyle.xml, ShopStyle-mismatches.xml #12521
• [x] Siemens.com.xml #11451
• [x] SimFlight-problematic.xml #12616
• [x] STRATO.xml #11279
• [x] Thumbshots.xml #11765
• [x] Tickengo.xml #11204
• [x] Trusted-Shops.xml #12522
• [x] UltraDNS.xml #11241
• [x] World_of_Warplanes.xml #11055
• [x] World_of_Warships.xml #11057

[Bisaloo]

From https://github.com/EFForg/https-everywhere/issues/1327#issuecomment-178265893:

Yeah, I think it would be useful to run a script that does lookups for all the ICANN public suffixes to expand the right-side wildcards to the things they actually resolve to.

It's probably not necessary in many cases because the wildcard actually only covers a handful of suffixes but it may be useful for Google related rulesets for example.

[ghost]

https://publicsuffix.org/

[cschanaj]

I agree that using a script to expand the right wildcard is a probable approach, but popular sites like Google might own nearly all suffix for its domains. It might result in a (number of) huge ruleset with a overwhelming number of target leading to long term maintenance issue.

I will prefer to whitelist a ruleset from the rule-test if it does not cover only a handful number of the suffix.

Remark: Please be noted that the proposed changes rule-test ignore right wildcard target currently.

[Bisaloo]

The idea of removing right-sided wildcards was supported by two of the project developers. We can always ask @Hainish if he shares their views or if the EFF opinion on this has changed.

It might result in a (number of) huge ruleset with a overwhelming number of target leading to long term maintenance issue.

Don't forget that right-sided wildcards are also a hassle to maintain because they don't work with our current automated tools to disable/remove rulesets (https-everywhere-full-fetch-test and hsts-prune) and possibly with future ones as well.

[Hainish]

An ideal solution would be to include the Public Suffix List in the extension itself, and right-wildcard redirects would only be performed if it matches target minus right-wildcard + public suffix. This way we wouldn't have to validate right-wildcards against the list, we'd be assured that they behave as expected. As it stands, the PSL compressed registers at 65k, which is too large of an overhead to add to the extension for this purpose.

As it stands, we highly discourage right-wildcards, but allow them in some cases. I don't think we should remove them completely if they are useful in removing potentially thousands of targets, such as is the case with Google. Judging where they are appropriate and where they can be removed is a call of the ruleset maintainers.

[Bisaloo]

13682 will remove Google.xml and Google.tld_Subdomains.xml