Nov 04, 2011

What does HTTPS Everywhere add to online security?

Why is there a sudden push for HTTPS Everywhere? I realize that there are many people who don't utilize basic security steps (install patches, anti-malware, etc.) but what does HTTPS add that taking those steps and using strong passwords ignores? And if it is so important, why are HTTPS plugins not widely available for browsers other than Firefox?


I'm not sure how sudden the push for HTTPS is, but in my opinion it is a good thing.  HTTPS means that your browser connection is secure, hence the "S".  That is usually the case when you log in at most sites anyway, but the problem is that after login, they usually revert back to an unsecured HTTP connection.  I assume that the plugin is available for Firefox because of the Firesheep plugin exists for Firefox.  Firesheep examines network traffic and searches for unsecure cookies that it can use to spoof your username/password.  The HTTPS Everywhere campaign is a push by the Electronic Freedom Foundations to both encourage individuals to use the HTTPS Everywhere plugin for Firefox and encourage popular website to provide secure connections.  

Hi wstark,

HTTPS Everywhere is one attempt at improving web security for browser users. Here's a good article that covers it and that has a download link.

HTTPS Everywhere

"A collaboration between the Electronic Frontier Foundation and the Tor Project (which employs a network and free software to help protect people's privacy), HTTPS Everywhere ensures that when you visit certain sites, all of your communications are encrypted and secure.

To use it, all you need to do is install it. Once you do that, HTTPS Everywhere does its work invisibly. Among the sites it works on are Facebook, Twitter, Google Search, Wikipedia, Paypal, the New York Times, the Washington Post, and others. It works only when the sites themselves use the HTTPS protocol, and works only on a group of specific sites. So it won't protect you everywhere. And it won't protect you when you use other Internet services, such as an instant messaging client, or use client-based email such as Outlook."
Answer this