Rated 5 out of 5 stars

Need an update for Quantum!

Rated 5 out of 5 stars

This extension fills an important gap in the current use of HTTPS and authentication, and should be a standard feature of all web browsers.

Unfortunately after November it will probably cease to function, and the project site is now AWOL.

Thanks to Dan and the team for all the work over the years. Your work was and is very important.

Rated 5 out of 5 stars

Notaries are to be found here:
https://perspectives-project.org/notary-servers/

Rated 4 out of 5 stars

A very interesting piece of software. Works well for me, with not too much latency.

Regarding the comment below about the default notaries list, I've found 13 active notary servers as at posting date.

Here they are:

perspectives1.schulte.org:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAF9YhEaUx+MR/9dw/ceF5+DAmTm
KRylGYKz+rfLSKMS1PMfkGiXVB12qkGOj321PrphLs2s9KWLcxHnCwJdQWcg2xIA
VQbZ2I5me2PEJNC+1Y9nqPR6AeKEljDPK/A1KiTjwDGjpvru8Djp25q++VJjhUZG
y0Wq845LMMUbQGefh05IL4Y9vuMWRUjs0C6enkI5CnCcMIFD1uY5+rsqknw1Nthn
2ZhTVfcjxTsCAwEAAQ==
-----END PUBLIC KEY-----

perspectives2.schulte.org:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGcQwe1IeEnF/ZobSywrpzbv6Uw
sZyxU7WThAaJ1EKy7UIYSrcJ6v/qurFwn9DwR8hxpXCgE8MRZdfVi99z69VE0Nmw
6vHLuC0PKQ/m3Gc+4LzfEyJ/fsPFsTsSqwog+ys8ehvCifoazewyLAZvVfBW3TVZ
uv7REooR5rWVrkI05z/VLpY9eSanWxaBJikHE3AnfOocI60ZIvq2eftIkpqCppwr
AZtwGtmxHa0CAwEAAQ==
-----END PUBLIC KEY-----

perspectives3.schulte.org:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAG0L5/mnLvIjQbD6yazszjVBWCb
K7iUiav/M/9qoph2s1Nd2HSbEa2pZsNTtRrPNd2uPkYPGjkuhv5Ba3AMezN4eeEJ
pxa0wBSuYX7deUcQCu+0W/tLXZ61ny/Ezu/mnAQ10HIiO7mQnDTliF4ReSWC9TuR
axLr1tEh3i/pRoSOCtcWIR5y59BYu+GiPHl9IDOBraTG0R9ph+3fDVtf+kd+WUVv
/d0tWI0UmGsCAwEAAQ==
-----END PUBLIC KEY-----

perspectives4.schulte.org:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAF+1OV01dpujDpFoUtld37Pgy4/
67E7EFB7YyHkfQbTuPnfZ2+UNScl80vcmN1hym8XJ0icPahah+SXMLq81UNxO6Xq
4s/41C5IxjnZN2Ij3EvhSPQ9HrK9+CVUmLWTWQRG7t5JaKGdlmYc5Fou1/SMoURZ
z4LWWGwcYH5/DcBt64XL5c87v4g3mfCDptmFMg5Cy34uG+XEh0obvp5S+uuORwn1
agGH5DYpR1sCAwEAAQ==
-----END PUBLIC KEY-----

perspectives2.networknotary.org:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAHB9gHj3Zyx7u++wTffAsEuRJdj
CZSFocs5ZKVamm6O7ywtFCuPgxxYTr3GyrDKj2IBO05iXirOISyX0OtENvs829Xj
TbKqDgeN1ttDiJmszN939RvBdmzkmXi2zaOXPX3ral56hJOWjOs6NokeBo26ZHux
5k9g3AqFer5LNyDVgGrG5q7+INGodDSTYm2W5nvmi55U/pe7MmJCH7EEY1ObGPr1
7XqZeEbL4ikCAwEAAQ==
-----END PUBLIC KEY-----

perspectives8.networknotary.org:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAHrtkVD3O4XCkOdFwMqlEDVYTW6
W82QQomSb9Pa/OGeRvbupk/d1iNNbBAs7B2Irg3Xk+OValBf29cUwXsYbpm3lEKG
OqVhwas7YaHz4cnztkQJ5N+fW2eGe7iD1k1/wB7aPECPYVQgXOSpYcmg4999JGxj
PE6LWmIu3KQfk1YtZBjGOI9Sa5wNhECvVoIMYGH1oG+oXkACpd6AgUJMfIOdG7Bk
wW9YFRKHPJkCAwEAAQ==
-----END PUBLIC KEY-----

heimdal.herokuapp.com:80
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGhzbwVcnEaT2Hb9WD9Wvh9CVYu
86w+8ZMdO4KG506K77IsERfIuh84YkE4qoDnjfR7TCQBvreVl81lIh5UE0kzO84X
673risoBebbGCNjXQNu5mWkq2Qp7SuuemeXaYFmkpc06t2n6NvNcS9JVm8KJRqBK
qlwqlFgDuDZPUcYmWoIL4sF9w/3ep9nPSIJYburTdpCaeXPGhMiMzh4E2GnJc3Y2
beezGWtciXUCAwEAAQ==
-----END PUBLIC KEY-----

nine-eyes.herokuapp.com:80
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAEw+W1dv0a00gzVqvHa8SafHhpY
ESsCIB8kj4bb1ccXr7u6vaiBN83ssaPi1N/ZNDlyOnqZwopoZGkgzUxMUNzg9P6V
ph9l7ldMu8XGuwmFoHBgEys633EPcrJcs46lfvNz5JRrYnjh0WMkj0VXvVlYla2g
6aAA80+C7u56D2FodNxWscPNpQWUAHDJOnAWr1CI9CNU/rbl5c85KJ7cW6u+LFBm
pXk2xzJ2tq8CAwEAAQ==
-----END PUBLIC KEY-----

de.yano.nu
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAHH17C/zqdzBW3y8Rov0UVFkme6
Idfd1O7wXckTdbd+bu7rClAFMbGijMlxYmNeavhJfyYmYct89dNlIyrnK9fa5PeL
q1g3zj5XybWi+UYrnwjcsKzCsZrWmqjx4ewICzCRypqj76k73eWwTxJ0F3ZWm/Va
VVe6slBxa/Vz6G/A5lgUUWYnktG9BnwnU1CCbQVE9vKnI/Kfv/mfBXbhkc0knRbR
JpMo07AyY2ECAwEAAQ==
-----END PUBLIC KEY-----

notary1.constructibleuniverse.net:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAFzVqLz5qmyMwd4XuXGPtyDu0VO
hvfpt3fUJz/2bGWRDcWPIZw/1Gzj2VQjDSRXuAnjsnJY46s3P50HDYZ764AYvggd
vD8KjjNv5R5r6jW83bqJJPI2mRJR/Gu0iKZn7H7X8tKuL0qH5ukRAsonYj59qk2N
THZkBtiReqYoMv3+FzxJAbXM3rEp0+x2NzM9MeEA8JwYmCBqXZucDeL8N/WSvqOK
alVDUr82uj8CAwEAAQ==
-----END PUBLIC KEY-----

notary2.qabs.cz:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGYNrXeOuExUPjrwisreOZ67ZTT
xaPVLncYrVrvE2Q3KzAqVvGlhyxZMnSLlHlHD5BJsA3bM/15ForpH/dJL+GnONZY
sQdgVdDXH30231bImuOzqBNCqMsTB4hxg9U6a1J4h7sa1eOn5Zz1EbDGuW2+jEcE
0MjqpaYEEW7FZiZOIJQRz4jX26zfGGhtd7txfkZQ26lhiibo9auCxp1tnVJmBX2S
VisNlAuuLM8CAwEAAQ==
-----END PUBLIC KEY-----

perspectives.hackcoop.com.ar
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAF3Ge/ghhCsDX4Y0PgWPMhvawGc
hlb460VvzaEcKKtQDOI4izZvfZokCY9TYzVH0T1tRJICV/FK7jr/Yj2D7BoT8mQk
KKxZaLSyUUr6Msl3n5ABGc8t/blUSvxYLRdLlEsPjSkYidbf9BI95wwB2ggJhrBL
nQIj0izhU0zkV5xV3YvMqBBnVsl5USjfBPrettNtGA6B3BVBeGGnYuMRBEKUTtSG
ODgBKw7jOQ8CAwEAAQ==
-----END PUBLIC KEY-----

ec2-54-66-132-58.ap-southeast-2.compute.amazonaws.com
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGa3NpsLJPJt4+D2NoidbZq0sx4
ALtpaczKGdjgvtddQRq2ZC6vtdFKRtNy2Ml3pmLIVA2mndCQh1UCiG9OdJz2ZiZ2
BXWb82gyL3qpsSxUG41SyxZxvN4A7ABFASOolq3udNWr7ufIRVT2pCr0dV6IJOF/
/L6BJ8WzBeLVjID8SpnTc9wbwpGcvEWr0U6eEiJ/AyiClMYn2jtOnAW9l+rz1rR8
SJW79GNd6WUCAwEAAQ==
-----END PUBLIC KEY-----


So just disable the default list and cut and paste this list into the Additional Notary Servers box.

This review is for a previous version of the add-on (4.5.2.1-signed). 

Rated 4 out of 5 stars

I really like the idea of this project;
- trust based on majority votes
instead of "..well, the CA's are not compromised *THAT* often, so.. ..I just cross my fingers"

Also, the low need for CPU power (just some MD5, or later, SHA1 fingerprint calculations once in a while),
means that "everyone and their grandma" may set up and run their own notary server..!

I have currently just one issue;
- the "default notary server" list..

It consists of 9 notary servers..

heimdal.herokuapp.com:80
nine-eyes.herokuapp.com:80
perspectives2.networknotary.org:8080
perspectives3.networknotary.org:8080
perspectives4.networknotary.org:8080
perspectives5.networknotary.org:8080
perspectives6.networknotary.org:8080
perspectives7.networknotary.org:8080
perspectives8.networknotary.org:8080

..and only the top 2, heimdal and nine-eyes, are online.
The 7 perspectives*.networknotary.org servers are offline,
and they have been offline now for several months.
(except for #8, which is online maybe 5% - 10% of the time.)

I know (at least, I believe I know!) that the reason is the upgrade from MD5 fingerprints to SHA1 fingerprints.

But still, for a new user, who do not know so much about certificates and stuff..
..he/she may not even know *why* Perspectives is a good add-on, having no clue how it works,
he/she just read someplace that "..and, to be *extra* secure, you should really install the Perspectives add-on!"

Then he/she install it, and is *constantly* getting false positives..
- since, even at the lowest security setting, called "High Availability",
more than 50% of the notary servers need to say "this fingerprint matches the one we have stored for this site"
for the red warning cross to change into the green confirmation check-mark.

So, for us to actually use this very nice add-on these days, we have to...

1) Click the Perspectives red warning cross icon, and choose "Preferences"

2) In the Perspective Preferences window, choose the "Notary Servers" tab

3) Uncheck the "Use default notary servers list" checkbox

4) In the "Additional Notary Servers" form field, paste in this list:

de.yano.nu:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAHH17C/zqdzBW3y8Rov0UVFkme6
Idfd1O7wXckTdbd+bu7rClAFMbGijMlxYmNeavhJfyYmYct89dNlIyrnK9fa5PeL
q1g3zj5XybWi+UYrnwjcsKzCsZrWmqjx4ewICzCRypqj76k73eWwTxJ0F3ZWm/Va
VVe6slBxa/Vz6G/A5lgUUWYnktG9BnwnU1CCbQVE9vKnI/Kfv/mfBXbhkc0knRbR
JpMo07AyY2ECAwEAAQ==
-----END PUBLIC KEY-----

perspectives1.schulte.org:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAF9YhEaUx+MR/9dw/ceF5+DAmTm
KRylGYKz+rfLSKMS1PMfkGiXVB12qkGOj321PrphLs2s9KWLcxHnCwJdQWcg2xIA
VQbZ2I5me2PEJNC+1Y9nqPR6AeKEljDPK/A1KiTjwDGjpvru8Djp25q++VJjhUZG
y0Wq845LMMUbQGefh05IL4Y9vuMWRUjs0C6enkI5CnCcMIFD1uY5+rsqknw1Nthn
2ZhTVfcjxTsCAwEAAQ==
-----END PUBLIC KEY-----

notary1.constructibleuniverse.net:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAFzVqLz5qmyMwd4XuXGPtyDu0VO
hvfpt3fUJz/2bGWRDcWPIZw/1Gzj2VQjDSRXuAnjsnJY46s3P50HDYZ764AYvggd
vD8KjjNv5R5r6jW83bqJJPI2mRJR/Gu0iKZn7H7X8tKuL0qH5ukRAsonYj59qk2N
THZkBtiReqYoMv3+FzxJAbXM3rEp0+x2NzM9MeEA8JwYmCBqXZucDeL8N/WSvqOK
alVDUr82uj8CAwEAAQ==
-----END PUBLIC KEY-----

notary2.qabs.cz:8080
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGYNrXeOuExUPjrwisreOZ67ZTT
xaPVLncYrVrvE2Q3KzAqVvGlhyxZMnSLlHlHD5BJsA3bM/15ForpH/dJL+GnONZY
sQdgVdDXH30231bImuOzqBNCqMsTB4hxg9U6a1J4h7sa1eOn5Zz1EbDGuW2+jEcE
0MjqpaYEEW7FZiZOIJQRz4jX26zfGGhtd7txfkZQ26lhiibo9auCxp1tnVJmBX2S
VisNlAuuLM8CAwEAAQ==
-----END PUBLIC KEY-----

heimdal.herokuapp.com:80
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAGhzbwVcnEaT2Hb9WD9Wvh9CVYu
86w+8ZMdO4KG506K77IsERfIuh84YkE4qoDnjfR7TCQBvreVl81lIh5UE0kzO84X
673risoBebbGCNjXQNu5mWkq2Qp7SuuemeXaYFmkpc06t2n6NvNcS9JVm8KJRqBK
qlwqlFgDuDZPUcYmWoIL4sF9w/3ep9nPSIJYburTdpCaeXPGhMiMzh4E2GnJc3Y2
beezGWtciXUCAwEAAQ==
-----END PUBLIC KEY-----

nine-eyes.herokuapp.com:80
-----BEGIN PUBLIC KEY-----
MIHKMA0GCSqGSIb3DQEBAQUAA4G4ADCBtAKBrAEw+W1dv0a00gzVqvHa8SafHhpY
ESsCIB8kj4bb1ccXr7u6vaiBN83ssaPi1N/ZNDlyOnqZwopoZGkgzUxMUNzg9P6V
ph9l7ldMu8XGuwmFoHBgEys633EPcrJcs46lfvNz5JRrYnjh0WMkj0VXvVlYla2g
6aAA80+C7u56D2FodNxWscPNpQWUAHDJOnAWr1CI9CNU/rbl5c85KJ7cW6u+LFBm
pXk2xzJ2tq8CAwEAAQ==
-----END PUBLIC KEY-----

5) Click the "OK" button

Now, we can start using the Perspectives Add-on.
Keep in mind, the old notary results based on the default server list, will still be used by Perspectives,
so to get the green confirmation check-mark,
we have to click the red warning cross icon, and choose "Force Notary Check".
Or, we could also just restart Firefox.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Specifically to perspectives-cmu and dschaefer, the developers of Perspectives..:

I know (again, I *believe* that I know!..) that the MD5 -> SHA1 upgrade will take time.
But in the meantime, while waiting for this..
- maybe you would update Perspectives from 4.5.2 to 4.5.3,
and in that update, you would..

..*temporarily change the default notary list*,
removing the perspectives*.networknotary.org:8080 servers
and instead add some that are currently online..?

This review is for a previous version of the add-on (4.5.2.1-signed). 

Rated 1 out of 5 stars

I have been trying out version 4.5.2 during the last 14 days, because I liked the idea. Today I finally uninstalled the add-on. During the last two weeks not even a single https connection could be verified, because no "notary" ever answered the request. The add-on always claimed to have no information. ALWAYS! So, the tool was completely useless.

This review is for a previous version of the add-on (4.5.2.1-signed). 

Rated 4 out of 5 stars

This addon provides excellent protection from Man-in-the-Middle attacks. These attacks are rare but not unheard of, and when executed allow the attacker to completely eavesdrop on your SSL-encrypted communications (that is, your typical "https" connections to your bank, Google, email provider, etc).

There are two problems with the addon. One is that two thirds of the notaries are now silent. I was concerned that this might just be me, but actually the screen shot image shown on the addon page shows the same problem: Only three servers (nine-eyes, heimdal and perspectives8 - the ones with green horizontal bars) return replies when queried. That's at most 3/9, or 33%. The default security level requires 75% of the notaries to agree for a connection to be flagged as "confirmed". What this means is that ALL connections are flagged as dangerous, which in turn means you must manually check the notary results each time. The notaries are volunteers that provide a free service, so it's understandable that they're not all in it for the long haul, but it greatly limits the value of the addon. This can be partly solved by manually setting the security to only require 30% agreement, but even that's not perfect (as I write this only nine-eyes and heimdal are returning audit information for https://addons.mozilla.org : 2/9 is less than 30% = Warning!)

The second problem is not Perspective's fault, but it's an annoyance. Some websites (like my well-known credit card brand) initiate connections from a constantly churning and very large pool of diverse certificates. The notary results look like a confetti explosion. I'm baffled why they do this, but it means that such sites are *never* marked as "consistent", since each notary server is getting a different certificate every time they connect. Fortunately, that behavior seems isolated to only a handful of sites (though some of them are Fortune 50 companies).

Ideally, I'd like to see the Perspectives team and the Convergence team (http://convergence.io/) put together a joint addon AND host it on mozilla.org. An irony with Convergence is that it's self-hosted on an HTTP domain, and attempts to connect via HTTPS result in an SSL domain mismatch alert AND redirection to a different website. So I can't use Perspectives to help assure that I'm downloading an unaltered version of the Convergence .xpi file o_O

This review is for a previous version of the add-on (4.5.2.1-signed). 

Rated 3 out of 5 stars

I love the idea behind this add-on, but I find that several sites I frequent are giving alarming errors about the certificate not being seen consistently - yet when I look at the detailed notary results it seems perfectly consistent to me. I've googled several times, but not been able to find out the cause of these false positives. I suspect it's a bug.

This review is for a previous version of the add-on (4.5.2.1-signed). 

Hello, thanks for the feedback. This is likely due to several of the default notaries running an older version of the server software, and being unable to keep up with demand. We are actively taking steps to upgrade the notaries and fix this - https://github.com/danwent/Perspectives/wiki/Perspectives-Roadmap

Rated 5 out of 5 stars

Great addon. Thanks for the fix - I installed this (from https://addons.mozilla.org/firefox/downloads/file/277984/perspectives-4.5.2-fx+sm.xpi) on v.32.0.3 and it does its job.

The only negative I see is that the addon produces a dire warning on sites with self-signed certificates : "Suspected attack:...".
This is a too severe judgement call, most of the time false, that will stop many site visitors.
I would like to see a more technically correct warning: "Warning: self-signed certificate found. To verify that the site is legitimate, check certificate's fingerprint."

The same for an expired cert: "Warning: expired certificate found. To verify that the site is legitimate, check certificate's fingerprint."

If the user is a bit technical (as I would expect from users using this addon), the proposed warning gives them all the info they need.
If she is not overly technical, you drive her immediately away, following the footsteps of the industry who would want to continue and support the money making business of CA who are satisfied with only verifying the requestor domain's e-mail address.

This review is for a previous version of the add-on (4.5.2.1-signed). 

Rated 4 out of 5 stars

Doesn't work actually with FF32+32.0.1:
security change error, md5fingerprinting

Otherwise essential AddOn, simple but effective.
Thanks for this useful piece of software.

This review is for a previous version of the add-on (4.5.1.1-signed). 

Hello, thanks for the note. A release has just been submitted to fix Perspectives for Firefox 32. If you want to download it immediately you can use this link: https://addons.mozilla.org/firefox/downloads/file/277984/perspectives-4.5.2-fx+sm.xpi

Cheers!

Rated 3 out of 5 stars

I don't get it, I install it, Firefox restarts as usual, then I get bak to this page and it doesnt show as installed yet!?

This review is for a previous version of the add-on (4.4.1-signed). 

Hello, thanks for the note. What version of Firefox are you using? It might be that Perspectives is installed but the Perspectives icon has not been added to the toolbar. If you view your list of installed extensions, is Perspectives listed?

There are instructions to make sure Perspectives is displaying correctly on your toolbar here - inhttp://perspectives-project.org/2012/07/24/how-to-customize-the-browser-toolbar/ . Please have a look and let us know if that is the issue.

For more detailed help please contact us on the mailing list - https://groups.google.com/group/perspectives-dev or perspectives-dev@googlegroups.com .

Rated 3 out of 5 stars

Good idea. Needs more information on the page. Is notary contact anonymous? What is sent? How does it work? Explain it to those of us that aren't quite so technically proficient.

This review is for a previous version of the add-on (4.4.1-signed). 

Hi Don, thanks for the note! You are right, we could use a clear explanation for this, I'm thinking some simple diagrams might be helpful as well. I will add a ticket to github so we don't forget.

Notaries currently do not track anything about requests sent to them, but of course a malicious notary could be running different code. The current message that is sent to notaries is simply the name of the site you wish to query. So for example if you wanted to ask the notary heimdal.herokuapp.com about the website addons.mozilla.org, you would visit the URL https://heimdal.herokuapp.com/?host=addons.mozilla.org . Visiting that address in a web browser will show you exactly what the notary sends back to the Perspectives browser extension.

Hope that helps. Feel free to contact us on the mailing list if you have more questions - https://groups.google.com/group/perspectives-dev or perspectives-dev@googlegroups.com

-

*Edit*: I have added a ticket on github here, if you wish to follow along - https://github.com/danwent/Perspectives/issues/106

Rated 3 out of 5 stars

Needs requests to notaries to be anonymized (or are they already?). Attack report form buggy. Idea excellent!

This review is for a previous version of the add-on (4.4.1-signed). 

Hey Verdun, thanks for the note. Yes, we are aware the report form needs fixing - there is an open issue for that on our github site - https://github.com/danwent/Perspectives/issues/49

I have created a ticket for the feature of making requests anonymized - https://github.com/danwent/Perspectives-Server/issues/40 . Notaries do not track anything about requests, but it could be helpful to add an extra layer of assurance for that against malicious notaries.

Cheers!

Rated 5 out of 5 stars

With the trusted CA model currently in use, there's a lot of exposure for bad actors to compromise security. This app is so simple in concept yet surprisingly hasn't received much exposure. I love the idea and run a set of notary servers for the public to use.

This review is for a previous version of the add-on (4.3.8.1-signed). 

Thanks for the kind words! Here's to making the web more secure :)

Rated 5 out of 5 stars

This is one of my favorite addons. It helps in identifying potential MITM attacks and seeing when sites actually update their SSL certificates and verifying that you aren't the only one receiving a specific certificate. Everyone should use this extension, and if you have the resources please run a Notary Server!

This review is for a previous version of the add-on (4.3.4.1-signed). 

Rated 4 out of 5 stars

Unbelievable! Why didn't I think of this? Why didn't EVERYONE think of this? Perspectives solves ALL of the major weaknesses of SSL Unbelievable! With Perspectives, we don't need to trust certificate "authorities", and most importantly, we don't need to pay them anymore either! Unbelievable! Yes, oooooh yessss, this extension makes it possible for everyone to use self-signed certificates securely and safely. You no longer need to pay attention to security warnings - ignore them! Perspectives will take care of security for you, and it suppresses countless security warnings until they're really necessary and important. Tor users will love this - no more man in the middle attacks on Tor exits! Unbelievable!

So why did I only give 4 out of 5 stars? Because this is not a platform independent project. You prefer Google Chrome? Too bad. Your grandma still uses Internet Explorer? Too bad. You're a power user that uses FireFox, Opera, Chrome, IE, Konqueror, Safari, etc? Nope, you're not important either! The only extension available is only for FireFox. If you want to help the project by running notary servers - this is kind of funny - You have to do in Ubuntu and...Amazon Cloud! Yes, it's that specific, nothing else is supported. WTF?! Why bother trying to change the world if only the starbellies benefit?

Make an extension for every browser that supports extensions. Hassle the browser developers to support notary servers natively so extensions aren't even required. Put together a crossplatform solution that benefits everyone, not just people using FireFox with Ubuntu on Amazon Cloud...The whole world needs this!

This review is for a previous version of the add-on (4.3.3.1-signed). 

Hey badonfirefox, thanks for the kind words. We would definitely like to port Perspectives to other platforms, and I have plans to do so. It requires a few big internal code changes before it is possible.

For updates on new platforms please stay tuned to the Perspectives blog at http://perspectives-project.org/blog/

As for running notaries, these certainly do not have to use Ubuntu or Amazon. It's possible to run a Perspectives notary on any system that can run Python 2.7 and openssl.

If you have any questions or want some help please feel free to email me or ask on the mailing list - perspectives-dev@googlegroups.com.

Cheers!

Rated 5 out of 5 stars

Very nice extension. I love the option to automatically bypass SSL security alert if the certificate pass the notary test. Other extensions automatically bypass that alert, and they can be useful especially on intranets or testing environments, but this one do the same with the strongness of the notary system, on the open internet. Great!.

Thanks to the guys of Carnegie Mellon.

(FF 16.0a1 32-bit on win)

This review is for a previous version of the add-on (4.3.1.1-signed). 

Thank you very much for the kind words! There are even more improvements planned for the near future :)

Rated 5 out of 5 stars

With Moxie's Convergence project apparently defunct, it's great to see that the original inspiration is still being actively developed.

This review is for a previous version of the add-on (4.3.1-signed). 

Rated 2 out of 5 stars

Going back to 4.2. The Perspectives blog says that in version 4.3, "The Perspectives icon will no longer always appear on the addons bar or status bar, freeing you to only place it where you want!" The problem is now the icon *never* appears in the status bar, which is where I want it. There's no option to place it there, and the icon can't be dragged to the status bar.

This review is for a previous version of the add-on (4.3.1-signed). 

Hey there,

Sorry to hear the icon isn't where you want. It should still be possible to drag it back to the status bar. Would you mind trying these steps?

1. Make sure the status or add/on bar is being displayed by checking View -> Toolbars -> Add-on Bar
2. Once the add-on bar is visible, right-click on it and click 'Customize...'. You can also select View -> Toolbars -> 'Customize...'.
3. If the Perspectives icon is currently beside the location bar, drag it to the Add-ons bar to move it. You should be able to move the Perspectives icon around as long as the 'Customize' window is still open.
4. Once the Perspectives icon is where you like, click 'Close' on the 'Customize' window.


Please give it a try and let me know if this works. Also, what version of Firefox are you running?

Thanks!
Dave (one of the Perspective devs)

Rated 5 out of 5 stars

Great tool. I would like to see more notaries set up by other organizations.

This review is for a previous version of the add-on (4.2.1-signed).