Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
1 comment

HTTPS Everywhere Enables Easy Encryption

The HTTPS Everywhere extension, available in beta, forces Firefox to create SSL/TLS-encrypted connections between your browser and a number of popular Web sites that support – but do not require – secure connections. The extension goes beyond a simple secured login by forcing all connections to use SSL/TLS for those Web sites.

The HTTPS Everywhere extension is a joint creation of the Electronic Frontier Foundation and The Tor Project, a network of coordinated servers designed to promote anonymity and confound tracing. The extension is an implementation of a nifty new standard in the works called Strict Transport Security (STS) that defines how to keep a constant secure connection while traversing a Web site, and warning the user when there’s a problem.

HTTPS Everywhere isn’t about security so much as privacy at the moment: the sites included in the launch include Google Search (in beta with a secured site), Twitter, Facebook, The New York Times, and others. Surfing content at these sites over public Internet connections, like Wi-Fi hotspots, can leak information you’d prefer was kept private, even if it’s not credit card and social security numbers.

While you can employ a VPN or use a service like Anonymizer, direct browser-to-server encrypted connections require no third parties, and no extra effort. But unless you remember to bookmark the secure entry point to these sites, you might forget and use an unencrypted link. And, content sites don’t always set all internal links on a Web page to use https URLs correctly, even when you’re on the secure site.

With HTTPS Everywhere, links are invisibly rewritten from http to https to encrypt all communications with supported sites. You can extend the extension by adding more rules of your own, too.

The HTTPS Everywhere extension relies on code from NoScript, a tool for choosing which scripts and languages are allowed to run in your browser, including Java, JavaScript, Flash, and others. NoScript includes a feature that lets you force https connections for specific Web sites.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About HTTPS Everywhere Enables Easy Encryption