Author Topic: HTTPS Everywhere is a Firefox extension that encrypts certain sites  (Read 1659 times)

0 Members and 1 Guest are viewing this topic.

Software Santa

  • Administrator
  • *****
  • Posts: 4275
  • OS:
  • Mac OS X 10.6 Mac OS X 10.6
  • Browser:
  • Firefox 3.6.12 Firefox 3.6.12
HTTPS Everywhere is a Firefox extension that encrypts certain sites

Suggested by Software Santa's good Buddy "Elysium"

Quote
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

The plugin currently works for:

    * Google Search
    * Wikipedia
    * Twitter
    * Facebook
    * bit.ly
    * GMX
    * Wordpress.com blogs
    * The New York Times
    * The Washington Post
    * Paypal
    * EFF
    * Tor
    * Ixquick


(and many other sites)

Sadly, many sites still include a lot of content from third party domains that is not available over HTTPS. As always, if the browser's lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis. However, the effort that would be required to eavesdrop on your browsing should still be usefully increased.

HTTPS Everywhere can protect you only when you're using sites that support HTTPS and for which HTTPS Everywhere includes rules. If sites you use don't support HTTPS, ask the site operators to add it; only the site operator is able to enable HTTPS support on a the site. There is more information and helpful instruction in the EFF article How to Deploy HTTPS Correctly.

If HTTPS Everywhere doesn't include rules for a site you use, you can ask us or learn how to create them.

Answers to common questions may be on the frequently asked questions page.


The 0.9.x release

The 0.9.0 release of HTTPS Everywhere is a new beta version designed to offer improved protection against Firesheep. Most notably, it can provide much better protection for Facebook, Twitter and Hotmail accounts, as well as completely new protection for bit.ly, Dropbox, Amazon AWS, Evernote, Cisco and Github. Unfortunately, in order to obtain maximum Firesheep protection, especially on Facebook, you must take two extra steps:

    * Turn on the "Facebook+" rule. You can do that in the Tools->Add Ons->HTTPS Everywhere->Preferences menu. It isn't on by default, because it can cause Facebook Apps to raise errors. We're still waiting for Facebook to fix this, and the chat problem :(.
    * Install the Adblock Plus Firefox extension too, and use it to block the insecure http:// adds and trackers that Facebook (and other sites) sometimes include.

Development And Writing your own Rulesets

You can help us test forthcoming rulesets and features by installing the development branch of the extension.

Send feedback on this project to the https-everywhere AT eff.org mailing list. You can also subscribe.

HTTPS Everywhere uses small ruleset files to define which domains are redirected to https, and how.

https://eff.org/https-everywhere
« Last Edit: April 03, 2011, 10:21:33 AM by Software Santa »