Feeds

Firefox add-on does 'HTTPS Everywhere'

Well, everywhere possible

Next gen security for virtualised datacentres

The Electronic Frontier Foundation and The Tor Project have teamed up to offer a Firefox add-on that beefs up https on several major websites, including Google.com, Wikipedia, Twitter, Facebook, and PayPal.

Currently in beta, HTTPS Everywhere is designed to make encryption easier to use on sites offering at least partial SSL support. Google, for instance, still defaults to unencrypted search, but the EFF's add-on automatically takes you to the https incarnation.

"Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use," says the EFF. "For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

The code behind the add-on is based in part on the Strict Transport Security (STS) response header put together by the NoScript project. "HTTPS Everywhere aims to have a simpler user experience than NoScript, and to support complex rewriting rules that allow services like Google Search and Wikipedia to be redirected to HTTPS without breaking anything."

Google rolled out an https version of its search engine late last month, announcing the move in the same blog post in which it admitted that its Street View cars had been collecting payload data from unsecured Wi-Fi networks across the planet. Normally, to use SSL-ed Google Search, you must specifically visit https://www.google.com (note the "s").

After installing the HTTPS Everywhere add-on, if you visit http://www.google.com (no "s"), you will automatically be taken to the SSL version. The same is true for sites such as Wikipedia, Twitter, Facebook, The New York Times, The Washington Post, Paypal, the privacy-minded search engine Ixquick, and, well, EFF and Tor. And once you're onto secure versions of these sites, the plug-in attempts to keep your traffic within these sites encrypted as you move from page to page.

You can also modify the add-on's rule-set to include additional sites not covered at install. You can download the add-on here. ®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Time to move away from Windows 7 ... whoa, whoa, who said anything about Windows 8?
Start migrating now to avoid another XPocalypse – Gartner
You'll find Yoda at the back of every IT conference
The piss always taking is he. Bastard the.
HANA has SAP cuddling up to 'smaller partners'
Wanted: algorithm wranglers, not systems giants
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.