Skip to main content

EFF promises a safer web with HTTPS Everywhere

The Electronic Frontier Foundation has launched the first official version of HTTPS Everywhere, a Firefox plug-in which it says helps secure web browsing by encrypting connections to more than 1,000 popular web sites.

The browser widget has been in beta since June 2010 and protects against nasties like search hijacking using carefully crafted rules to switch those sites from HTTP to the more secure HTTPS.

"HTTPS secures web browsing by encrypting both requests from your browser to websites and the resulting pages that are displayed," said EFF techie Peter Eckersley. "Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking.

"EFF created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private. With the revelation that companies like Paxfire are out there, intercepting millions of people's searches without their permission, this kind of protection is indispensable."

HTTPS Everywhere 1.0 encrypts connections to Google Image Search, Flickr, Netflix, Apple, and news sites like NPR and the Economist, as well as dozens of banks, which really shouldn't need a third-party solution to their own security.

It also includes support for Google Search, Facebook, Twitter, Hotmail, Wikipedia, the New York Times, and 'hundreds of other popular websites.'

"More websites should implement HTTPS to help protect their users from identity theft, viruses, and other security threats," said spokesEFFer Seth Schoen. "Our Firefox extension is able to protect people using Google, DuckDuckGo or StartingPage for their searches. But we currently can't protect Bing and Yahoo users, because those search engines do not support HTTPS."

The beta has been downloaded a million times and the 1.0 release can be found here. Web site administrators looking for advice on how to implement HTTPS might also want to have a gander at this.