Feeds

Firefox add-on does 'HTTPS Everywhere'

Well, everywhere possible

Secure remote control for conventional and virtual desktops

The Electronic Frontier Foundation and The Tor Project have teamed up to offer a Firefox add-on that beefs up https on several major websites, including Google.com, Wikipedia, Twitter, Facebook, and PayPal.

Currently in beta, HTTPS Everywhere is designed to make encryption easier to use on sites offering at least partial SSL support. Google, for instance, still defaults to unencrypted search, but the EFF's add-on automatically takes you to the https incarnation.

"Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use," says the EFF. "For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

The code behind the add-on is based in part on the Strict Transport Security (STS) response header put together by the NoScript project. "HTTPS Everywhere aims to have a simpler user experience than NoScript, and to support complex rewriting rules that allow services like Google Search and Wikipedia to be redirected to HTTPS without breaking anything."

Google rolled out an https version of its search engine late last month, announcing the move in the same blog post in which it admitted that its Street View cars had been collecting payload data from unsecured Wi-Fi networks across the planet. Normally, to use SSL-ed Google Search, you must specifically visit https://www.google.com (note the "s").

After installing the HTTPS Everywhere add-on, if you visit http://www.google.com (no "s"), you will automatically be taken to the SSL version. The same is true for sites such as Wikipedia, Twitter, Facebook, The New York Times, The Washington Post, Paypal, the privacy-minded search engine Ixquick, and, well, EFF and Tor. And once you're onto secure versions of these sites, the plug-in attempts to keep your traffic within these sites encrypted as you move from page to page.

You can also modify the add-on's rule-set to include additional sites not covered at install. You can download the add-on here. ®

Boost IT visibility and business value

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.