HTTPS Everywhere is a Firefox extension recently released as a public beta by the ever-diligent EFF and the Tor Project. The add-on encrypts your web communication with several major websites that support HTTPS connections but may not default to an encrypted page. HTTPS Everywhere is great news that can provide enhanced security and privacy for individuals who use it. Get it now.
The Firefox add-on was inspired by the launch of Google's encrypted search option. By default, Google search is unencrypted unless you type HTTPS before your query. After installing the Firefox HTTPS Everywhere plug-in, Google search will load automatically with HTTPS. Keep in mind that using encryption for your searches does not stop Google from logging your queries; a government or civil litigant could still obtain your search records from Google.
An unencrypted site with a URL that begins with "http://" uses port 80 by default, while URLs that start with "https://" use port 443 by default. HTTPS is often used to secure a connection over an insecure network like the Internet. Applications that handle sensitive information, such as banking or other payment transactions, need to encrypt data to ensure data integrity and confidentiality as well as to prevent data tampering. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographically secure and provide reasonable protection from eavesdropping and man-in-the-middle attacks. Note, however, that HTTPS can be exploited and does not provide 100% guaranteed protection.
Many websites offer some limited support for encryption over HTTPS. The problem arises when the site defaults to an unencrypted page or when a secure page has links that return you to the unencrypted site. This is where the HTTPS Everywhere extension really helps to protect you. The Firefox plug-in rewrites all requests to HTTPS to fix the vulnerability caused by jumping between HTTP and HTTPS.
Keep in mind, however, that some sites contain content from third-party domains that are not available over HTTPS. You remain vulnerable to hacking attacks, various forms of eavesdropping, or traffic analysis if the Firefox browser lock icon in the bottom-right corner is broken or if it carries an exclamation mark. Using HTTPS Everywhere will make the effort to monitor your browsing significantly more difficult.
Encrypting your connection via HTTPS is beneficial for everyone whether people use public Wi-Fi hotspots or not.

Installing the add-on will connect you securely and automatically to the following sites: DuckDuckGo, EFF, Facebook, Google Search, Google Services, Identica, Ixquick, Mozilla, NYTimes, PayPal, Scroogle, Torproject, Twitter, The Washington Post, Wikipedia, GentooBugzilla and Noisebridge.
Rulesets can be written for the HTTPS Everywhere Firefox plug-in to switch sites over from HTTP to HTTPS automatically. These rulesets are XML files in which the "from" and "to" clauses are JavaScript expressions, ranging from very simple rules to slightly more complicated ones. Additionally, matchrules or exclusions for domains that do not support HTTPS can be written into rulesets. To test a ruleset after writing it, place it in the HTTPSEverywhereUserRules/ subdirectory in your Firefox profile directory and then restart Firefox. Then check your ruleset for any issues with the way the site supports HTTPS, indicated by messages in the Firefox Error.
To learn more about creating XML files to be used as HTTPS Everywhere rulesets, visit the EFF.
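The ruleset mechanics described above, as an added example that is not from the original post or from the EFF: a constructed ruleset for the placeholder domain example.com and a small JavaScript routine that applies it, treating each "from" clause as a JavaScript regular expression and checking exclusions first. The helper names `parseRuleset`, `rewrite` and `insecureTargets` are hypothetical, and the regex-based reader only handles this sample's simple attribute syntax.

```javascript
// Constructed sample ruleset for the placeholder domain example.com.
const SAMPLE_RULESET = String.raw`
<ruleset name="Example (constructed)">
  <exclusion pattern="^http://static\.example\.com/" />
  <rule from="^http://(www\.)?example\.com/" to="https://www.example.com/" />
  <rule from="^http://(mail|docs)\.example\.com/" to="https://$1.example.com/" />
</ruleset>`;

// Minimal reader for the sample above: plain double-quoted attributes only,
// no XML entities. A real implementation would use an XML parser.
function parseRuleset(xml) {
  const rules = [];
  const exclusions = [];
  for (const tag of xml.matchAll(/<(rule|exclusion)\s([^>]*?)\/>/g)) {
    const attr = {};
    for (const a of tag[2].matchAll(/(\w+)="([^"]*)"/g)) attr[a[1]] = a[2];
    if (tag[1] === "rule") rules.push({ from: new RegExp(attr.from), to: attr.to });
    else exclusions.push(new RegExp(attr.pattern));
  }
  return { rules, exclusions };
}

// Exclusions are checked first so hosts without HTTPS support are left alone;
// otherwise the first rule whose "from" matches rewrites the URL.
function rewrite(url, ruleset) {
  if (ruleset.exclusions.some((re) => re.test(url))) return url;
  for (const { from, to } of ruleset.rules) {
    if (from.test(url)) return url.replace(from, to);
  }
  return url;
}

// Review check: every "to" target should be an https:// URL, otherwise the
// rule would send traffic back to plain HTTP.
function insecureTargets(ruleset) {
  return ruleset.rules.filter((r) => !r.to.startsWith("https://")).map((r) => r.to);
}

const ruleset = parseRuleset(SAMPLE_RULESET);
for (const url of ["http://example.com/a?b=1", "http://docs.example.com/x",
                   "http://static.example.com/logo.png"]) {
  console.log(url, "->", rewrite(url, ruleset));
}
console.log("insecure targets:", insecureTargets(ruleset));
```

Running a list of a site's real URLs through `rewrite` before dropping a ruleset into the user rules directory shows which requests would be upgraded and which would stay on HTTP.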
I wish Microsoft's IE had an add-on to encrypt...
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.