Skip to main content

EFF and Access launch HTTPS Now privacy project

The Electronic Frontier Foundation, in partnership with digital human rights campaign group Access, has announced a new project with which it hopes to promote the cause of privacy on the Internet.

The EFF's HTTPS Now project aims to help ensure that the increasing amount of personal information people are submitting to websites is kept secure through the use of encrypted HTTPS sessions - preventing 'snooping' on traffic by ISPs, advertisers, spies, governments, and other anti-privacy ne'er-do-wells.

"We've heard a lot about how malicious tools like Firesheep can be used to steal data, including passwords for email and social networking accounts," explained EFF member and privacy activist Eva Galperin at the project's launch. "HTTPS Now is aimed at protecting users from attacks like these by spreading the word about HTTPS and how to use it correctly."

The project's main thrust takes the form of a database of sites ranked according to the level of information security they offer. Visitors are encouraged to add their usual destinations to the database, marking sites on the use of technologies like Strict Transport Security, secure cookies, and the key length used to generate certificates and secure information.

Visitors with less in-depth knowledge can enter their favourite website into the site's in-built search box and receive an easy-to-read report which highlights the level of security offered for that person's private information - with more green ticks meaning better security.

"We want to make it easier for web users to get the security they need and deserve, but we can't do it alone," claimed Access's Jochai Ben-Avie. "We need an accurate picture of the state of HTTPS on the Internet. After that, we can target website operators and make it easy for them to update their sites. Working together, we can all be safer from identity theft, security threats, viruses, and other things that come from an insecure Internet."

The HTTPS Now site joins the EFF's previous pro-privacy project, HTTPS Everywhere - a plugin developed by the EFF and the Tor Project which attempts to force HTTPS connections on sites where such functionality is offered but not enforced. Sites where such security is optional - including social networking giants Facebook and Twitter, which have both introduced optional HTTPS encryption that requires a flag to be set in the user's profile page - are thus rendered more secure through the plugin's efforts, the EFF claims.

The EFF's efforts come at a time when data security is receiving renewed interest from the masses: from Apple's tracking of iPhone and iPad locations without explicit user consent to the Crown Prosection Service declining to punish BT or Phorm for infringing users' right to privacy for the purposes of targeted advertising, increasing numbers of people are paying more attention to the information they submit to websites - and what those sites do with that information once it's received.

Sadly, encrypting the connection is only half the battle. As we saw recently with the release of the Creepy app, which harvests geolocation information from social networking sites like Twitter for display on a map, plenty of users are happy to submit private information for public consumption - often as a result of a lack of understanding regarding the ease of access by strangers. HTTPS encryption can keep data safe in transit, but unless users pay more attention to the terms and conditions of the sites they use is unlikely to help enhance their overall privacy.

While it will take a concerted effort to see HTTPS adopted everywhere, the HTTPS Now project is certainly a step in the right direction. More information, plus access to the database, is available on the HTTPS Now website - over an encrypted connection, naturally.