The EFF and the Tor Project, have launched a firefox extention called HTTPS Everywhere for a little safer browsing. EFF and Tor are major players in the privacy scene and have combined their efforts in creating an extension that encrypts firefox users’ browser communications on several prominent websites.
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.
Note that some of those sites still include a lot of content from third party domains that is not available over HTTPS. As always, if the browser’s lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis. However, the effort required to monitor your browsing should still be usefully increased.
The plugin currently works for:
- Google Search
- Wikipedia
- The New York Times
- The Washington Post
- Paypal
- EFF
- Tor
- Ixquick
(and many other sites)
If you are a current NoScript user, you can do the same thing that HTTPS Everywhere does, but it’s on a per site basis. The nice thing about HTTPS Everywhere is that it does it automatically, which is a plus for less technically inclined users. HTTPS Everywhere is also partially based upon NoScript so, no matter which extension you use, you can provide more privacy and security for yourself.
You can get the extension here.
Comments