HTTPS Everywhere

HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. 

The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS. The Web is an insecure place and getting more insecure all the time. The latest threat, the Firesheep add-in for Firefox, is particularly dangerous because it is exceedingly simple to use. Someone with absolutely no hacking experience can grab your private login information to sites such as Facebook and Amazon, and then log in as you and do anything they want, as if they were you. The free Firefox add-in HTTPS Everywhere helps protect against that threat and other privacy invaders by effectively encrypting information when you visit certain Web sites.

A collaboration between the Electronic Frontier Foundation and the Tor Project (which employs a network and free software to help protect people's privacy), HTTPS Everywhere ensures that when you visit certain sites, all of your communications are encrypted and secure.

To use it, all you need to do is install it. Once you do that, HTTPS Everywhere does its work invisibly. Among the sites it works on are Facebook, Twitter, Google Search, Wikipedia, Paypal, the New York Times, the Washington Post, and others. It works only when the sites themselves use the HTTPS protocol, and works only on a group of specific sites. So it won't protect you everywhere. And it won't protect you when you use other Internet services, such as an instant messaging client, or use client-based email such as Outlook.

How many of the web sites that you visit are secure? We have all got into the habit of looking out for the padlock icon in the address bar that indicate we are visiting a secure site when making online payment and performing other tasks online, but many of us give little though to the matter when we are not parting with money. HTTPS Everywhere is a free extension that is available for Firefox and Chrome that can be used to ensure that you are always using a secure connection to visit sites.

You can improve your security when browsing the web by opting to visit the secure, encrypted version of a web site rather than the standard one. This usually involves little more than changing the http part of the URL to read https instead, but this is something that few people could be bothered with doing on an on-going basis. HTTPS Everywhere can do the hard work for you, automatically redirecting your web browser to a secure version of a web site whenever there is one available.

This is not an extension that is compatible with every web site that you may want to visit, but support is growing. It is not a magic solution that cures all privacy and security issues, but anything that helkps to improve things even a little is to be welcomed, and as this is so simple and unobtrusive to use, there’s certainly so hardship involved in having it installed to see what it can do for you.

It is possible to create your own additions to the tool by creating ‘rulesets’. These are simple little XML files that can be used to automatically redirect your web browser from the regular version of a web site to the secure version. Wildcards can be used to save having to write rules that are too complex and to cater for sites that make use of subdomains. Should you find that adding a ruleset causes a site to fails to function correctly, it is possible to temporarily disable it.