A Firefox and Chrome extension that encrypts your webpages.
The extension is the result of a collaboration between the Electronic Frontier Foundation (EFF) and the Tor Project. It’s designed to rewrite requests to websites with HTTPS and automatically use encrypted connections, instead of using the default HTTP.
An HTTPS connection protects the data sent between your computer and the website’s server, however it doesn’t conceal the identity of the website you’re accessing. Anyone observing you online would be able to see that you are looking at a certain website, but might not be able to see which part of the website you’re viewing.
HTTPS Everywhere works using a whitelist of HTTPS-enabled sites. A lot of online content isn’t currently available over HTTPS, however this feature can be activated by the site operator. HTTPS Everywhere users who frequently visit web pages without HTTPS capabilities can ask the site operators to enable this feature, so they can connect securely using HTTPS Everywhere. Once HTTPS has been enabled on a particular site, the user can create a ruleset for HTTPS Everywhere that redirects the website from an HTTP connection to an HTTPS encrypted connection.
The EFF are a non-profit created to defend people’s right to digital freedom. They have released white papers, freedom-orientated technology, and been involved in legal cases concerning digital rights. The Tor project are behind the Tor software, which enables users to browse the internet and use services like IM anonymously.
The developers give the following explanation on their website about how HTTPS Everywhere protects users:
HTTPS Everywhere depends entirely on the security features of the individual web sites that you use; it activates those security features, but it can’t create them if they don’t already exist. If you use a site not supported by HTTPS Everywhere or a site that provides some information in an insecure way, HTTPS Everywhere can’t provide additional protection for your use of that site. Please remember to check that a particular site’s security is working to the level you expect before sending or receiving confidential information, including passwords.
The extension’s code is based on that used for NoScript, an extension for Mozilla-based browsers that performs the same function. HTTPS Everywhere is designed to be more user-friendly, and has more complex functions, such as redirecting Google or Wikipedia to an HTTPS encrypted connection without breaking the page.
The HTTPS Everywhere ruleset is available for developers to hack, and users are currently working on versions for IE and Opera (currently, Safari’s API doesn’t let developers securely rewrite HTTP connections to HTTPS).
When using Chrome and Firefox, you can tell whether a website is using an encrypted connection using the browser indicators. Chrome uses a padlock symbol that shows a closed padlock when using HTTPS, and an open padlock or a lock icon with an exclamation mark when the connection might be vulnerable. Firefox uses a color scale, where a blue or green indicator on the left of the address bar indicates a secure HTTPS connection.