The HTTPS Everywhere extension, available in beta, forces Firefox to create SSL/TLS-encrypted connections between your browser and a number of popular Web sites that support – but do not require – secure connections. The extension goes beyond a simple secured login by forcing all connections to use SSL/TLS for those Web sites.
The HTTPS Everywhere extension is a joint creation of the Electronic Frontier Foundation and The Tor Project, a network of coordinated servers designed to promote anonymity and confound tracing. The extension is an implementation of a nifty new standard in the works called Strict Transport Security (STS) that defines how to keep a constant secure connection while traversing a Web site, and warning the user when there’s a problem.
HTTPS Everywhere isn’t about security so much as privacy at the moment: the sites included in the launch include Google Search (in beta with a secured site), Twitter, Facebook, The New York Times, and others. Surfing content at these sites over public Internet connections, like Wi-Fi hotspots, can leak information you’d prefer was kept private, even if it’s not credit card and social security numbers.
While you can employ a VPN or use a service like Anonymizer, direct browser-to-server encrypted connections require no third parties, and no extra effort. But unless you remember to bookmark the secure entry point to these sites, you might forget and use an unencrypted link. And, content sites don’t always set all internal links on a Web page to use https URLs correctly, even when you’re on the secure site.
With HTTPS Everywhere, links are invisibly rewritten from http to https to encrypt all communications with supported sites. You can extend the extension by adding more rules of your own, too.