Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

Ads by Google

firefox logo   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]HTTPS Everywhere is one of those extensions that only Firefox makes possible. Developed by the Electronic Frontier Foundation, HTTPS Everywhere automatically redirects you to the encrypted version of websites. It works on Google, Wikipedia and other popular websites.

Encryption ensures no one can eavesdrop on your web browsing. Whether you’re searching on Google, browsing Wikipedia or sending private messages on Facebook, your information is sent in the clear if you’re not using encryption.

Getting the Extension

You won’t find HTTPS Everywhere in the official Firefox add-ons gallery; you’ll have to get it directly from the Electronic Frontier Foundation’s site. Just go to the HTTPS Everywhere page and click the big Install HTTPS Everywhere button.

install   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

Taking a Tour

HTTPS Everywhere adds a button to Firefox’s toolbar; you can click the button to view its status and change its settings. Let’s head over to MakeUseOf with HTTPS Everywhere installed and see what it does.

muo https   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

HTTPS Everywhere is enforcing encrypted connections to many services we use on MakeUseOf, although many may use encryption by default. With HTTPS Everywhere, you don’t depend on the webmaster to set up their site properly; you get encryption everywhere you go — with every service that supports it, of course.

Ads by Google

Plug a search into the Google search box included with Firefox and you’ll go straight to Google’s encrypted search page. Any searches you make with Google’s HTTPS site are encrypted before they’re sent to Google, so no one can eavesdrop on them. Without the extension, people on public Wi-Fi networks can see all your searches.

google   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

Sure, you could head over to encrypted.google.com and start your search from there, maybe even install a search plug-in for Google’s encrypted search engine and use that instead. But HTTPS Everywhere does everything for you.

Click a link to Wikipedia and you’ll see the same thing. HTTPS Everywhere turns every Wikipedia link on the web into a link to Wikipedia’s secure, encrypted site.

wikipedia   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

What It Really Does

So what does HTTPS Everywhere actually do? We can sneak a peek at our web browsing traffic with WireShark and see for ourselves.

Let’s plug “super secret search” into Google’s normal, unencrypted search engine. With Wireshark capturing our traffic, this is what we see:

wireshark 1 arrows   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

There it is. Our super secret search is being sent in plain text for all the world to see. On an open Wi-Fi network? People around you can see your super secret search. Now imagine you’re sending a private message on Facebook and you’ll see why this is important. Facebook has a secure browsing option, but having HTTPS Everywhere installed will automatically enable it for you. You won’t have to worry about finding the option on every website you use.

Now let’s turn on HTTPS Everywhere and perform the search again. HTTPS Everywhere automatically uses Google’s encrypted search engine.

wireshark 2   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

Our communication with Google is happening over HTTPS now. An eavesdropper can see we’re contacting Google’s servers, but that’s all they can see — they don’t know the specific page we’re using or what type of data is getting sent back and forth.

Tools like Firesheep do the same sort of thing, but with an easier-to-use interface. You don’t have to understand networking to snoop with Firesheep.

Configuration

HTTPS Everywhere has a pretty barebones configuration screen. You can see the list of websites it supports and disable them if you encounter problems. You can also enable rules that are disabled by default, possibly because they break certain features on a site.

https everywhere preferences   Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]

Want to add your own HTTPS Everywhere rules? You can’t do that from this window, but the EFF has a guide for doing that yourself. Bear in mind that you can only enable HTTPS for a site if that site has an HTTPS version that isn’t used by default. HTTPS Everywhere includes most popular sites that have HTTPS versions, so you probably shouldn’t have to create any rules yourself.

Other Web Browsers

Like the idea, but use another web browser? No other browser has the extensions framework that makes HTTPS Everywhere possible. Google Chrome is closest to getting there, but Internet Explorer and Safari users are out of luck.

If you use Chrome, you can try KB SSL Enforcer, which we’ve covered here. KB SSL Enforcer doesn’t work as well as HTTPS Everywhere; it fetches the HTTP page before the HTTPS page. The EFF promises to release HTTPS Everywhere for Chrome when Chrome’s extension framework evolves to make it possible.

HTTPS Everywhere is definitely a compelling reason to switch to Firefox if you use another web browser — or is it? Do you prefer another browser anyway? Let us know in the comments.

Ads by Google

4 Comments - Write a Comment

Reply

Arthur McKenzie

I’ve been using HTTPS Everywhere for almost a year now and feel that it should be an integral part of all Firefox installations. But since it doesn’t work on all sites, I also use addition protection in the form of Keyscrambler and Browser Protect.

Chris Hoffman

Thanks for the tips!

More websites should really default to HTTPS to protect user’s privacy, then HTTPS Everywhere wouldn’t be necessary at all.

Reply

Wanted Maniac

Apart from using ‘HTTPS’ as an encryption, does browsing on Private-Proxy-Servers also have encryption which couldnot be sniffed?

Chris Hoffman

Assuming the proxy itself uses HTTPS and has encryption, yes. I believe it’s possible for proxies to not use HTTPS encryption, although I’m not sure how common this is. Just ensure you’re using a proxy that’s using HTTPS.

Bear in mind that this only means the connection between you and the proxy can’t be sniffed. In other words, if you were using an encrypted proxy, went to an unencrypted Google page, and searched for “waffles,” your Internet service provider and anyone monitoring the traffic between you and the proxy wouldn’t know that you were viewing Google or searching for waffles. However, anyone monitoring the outgoing traffic from the proxy would see the “waffles” search — this is why complete, end-to-end encryption with websites is important, even when accessing them via proxies.

Your comment