After a year of beta testing the Electronic Frontier Foundation’s HTTPS Everywhere Firefox add-on has reached stable, 1.0 status. The HTTPS Everywhere extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the sites HTTPS Everywhere supports.
If you’re using Firefox, head over to the EFF’s website and install HTTPS Everywhere. If you’re not using Firefox you’re unfortunately out of luck. The limited add-on APIs of browsers like Chrome and Safari mean that HTTPS Everywhere can’t be ported to those platforms (see the HTTPS Everywhere site for more info).
Why all the fuss about HTTPS? Well, every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection, you expose your data to the world. It’s a bit like writing your username and password on a postcard and dropping it in the mailbox.
With HTTPS Everywhere installed, if you type, for example, “twitter.com” in the Firefox URL bar, the browser will automatically connect to https://twitter.com rather than http://twitter.com. Think of an HTTPS connection as an envelope to protect your postcard from prying eyes.
With the 1.0 release, HTTPS Everywhere now supports some 1000 websites, including the web’s most popular like Google Search, Facebook and Wikipedia. One thing to keep in mind though, not every website supported serves all of its content over HTTPS, which can still leave you open to some vulnerabilities (the Chrome web browser now warns when a site serves HTTP content alongside HTTPS, a feature other browsers will hopefully copy).
Still, even if not every website supports HTTPS completely, Firefox with HTTPS Everywhere is more secure than most browser setups. If you’re using Firefox anyway, it’s well worth installing HTTPS Everywhere, particularly if you frequently use wifi networks you don’t control.