HTTPS Everywhere

HTTPS Everywhere
Developer(s)	The Tor Project and the Electronic Frontier Foundation
Stable release	Firefox: 5.1.9 / 10 May 2016; 7 years ago
Development status	Active
Written in	JavaScript
Type	Browser extension
License	GNU GPL v3+ (most code is v2 compatible)
Website	eff.org/https-everywhere
As of	April 2014

HTTPS Everywhere is a free and open source web browser extension for Google Chrome, Mozilla Firefox and Opera, a collaboration by The Tor Project and the Electronic Frontier Foundation (EFF).^[3] It automatically makes websites use the more secure HTTPS connection instead of HTTP, if they support it.^[4]

Development

HTTPS Everywhere was inspired by Google's increased use of HTTPS,^[5] and is designed to make HTTPS automatically used whenever possible.^[6] The code in part is based on NoScript's HTTP Strict Transport Security implementation, but HTTPS Everywhere is intended to be simpler to use than NoScript.^[7] The EFF provides information for users on how to add HTTPS rulesets to HTTPS Everywhere,^[8] and information on which websites support HTTPS.^[9]

Platform support

A public beta of HTTPS Everywhere for Firefox was released in 2010,^[10] and version 1.0 was released in 2011.^[11] A beta for Google Chrome was released in February 2012.^[12] In 2014, a version was released for Android phones.^[13]

SSL Observatory

The SSL Observatory is a feature in HTTPS Everywhere introduced in version 2.0.1^[12] which analyzes public key certificates to determine if certificate authorities have been compromised,^[14] and if the user is vulnerable to man-in-the-middle attacks.^[15] The ICANN Security and Stability Advisory Committee (SSAC) notes that the dataset used by the SSL Observatory often treats intermediate authorities as different entities, thus inflating the number of certificate authorities. The SSAC criticizes SSL Observatory for potentially significantly undercounting internal name certificates, and notes that it uses a data set from 2010.^[16]

Reception

Two studies have recommended building in HTTPS Everywhere functionality into Android browsers.^[17]^[18] In 2012, Eric Phetteplace described it as "perhaps the best response to Firesheep-style attacks available for any platform".^[19] In 2011, Vincent Toubiana and Vincent Verdot pointed out some drawbacks of the HTTPS Everywhere plugin, including that the list of services which support HTTPS needs maintaining, and that some services are redirected to HTTPS even though they are not yet available in HTTPS, not allowing the user of the extension to get to the service.^[20]

References

↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ HTTPS Everywhere Development Electronic Frontier Foundation
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Kate Murphy: New hacking tools pose bigger threats to Wi-Fi users. The New York Times, February 17, 2011.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found..
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ ^12.0 ^12.1 Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Kern, M. Kathleen, and Eric Phetteplace. "Hardening the browser." Reference & User Services Quarterly 51.3 (2012): 210-214. http://eprints.rclis.org/16837/
↑ Lua error in package.lua at line 80: module 'strict' not found.

[changelog-1] Lua error in package.lua at line 80: module 'strict' not found.

[2] HTTPS Everywhere Development Electronic Frontier Foundation

[3] Lua error in package.lua at line 80: module 'strict' not found.

[4] Lua error in package.lua at line 80: module 'strict' not found.

[5] Lua error in package.lua at line 80: module 'strict' not found.

[6] Kate Murphy: New hacking tools pose bigger threats to Wi-Fi users. The New York Times, February 17, 2011.

[7] Lua error in package.lua at line 80: module 'strict' not found.

[8] Lua error in package.lua at line 80: module 'strict' not found.

[9] Lua error in package.lua at line 80: module 'strict' not found..

[10] Lua error in package.lua at line 80: module 'strict' not found.

[11] Lua error in package.lua at line 80: module 'strict' not found.

[SSLObservatory-12] 12.0 ^12.1 Lua error in package.lua at line 80: module 'strict' not found.

[13] Lua error in package.lua at line 80: module 'strict' not found.

[14] Lua error in package.lua at line 80: module 'strict' not found.

[15] Lua error in package.lua at line 80: module 'strict' not found.

[16] Lua error in package.lua at line 80: module 'strict' not found.

[17] Lua error in package.lua at line 80: module 'strict' not found.

[18] Lua error in package.lua at line 80: module 'strict' not found.

[19] Kern, M. Kathleen, and Eric Phetteplace. "Hardening the browser." Reference & User Services Quarterly 51.3 (2012): 210-214. http://eprints.rclis.org/16837/

[20] Lua error in package.lua at line 80: module 'strict' not found.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

HTTPS Everywhere

Contents

Development

Platform support

SSL Observatory

Reception

See also

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools