
The new HTTPS Everywhere Firefox extension


nsane.forums

The Electronic Frontier Foundation, in cooperation with the Tor Project, has released a beta version of the "HTTPS Everywhere" Firefox extension. The extension helps users encrypt their traffic to a small but growing number of high-profile sites by forcing full-session HTTPS connections.

According to the EFF's announcement, the extension currently works on the following sites:

  • Google Search, Wikipedia, Twitter, Facebook, The New York Times, The Washington Post, PayPal, EFF, Tor, Ixquick

Does "HTTPS Everywhere" really mean "Privacy Everywhere"? Not necessarily, and here's why it may leave a lot of users with a false feeling of privacy:
  • Full-session HTTPS may prevent interception of some of your activities — unless of course there's a weak link somewhere. However, it doesn't hide your IP, doesn't use any sort of mixing tactics, potentially allowing the leak of personally identifiable information to Google, and doesn't prevent alternative tracking activities from taking place
  • Broken SSL sessions displaying unencrypted third-party content allow active tracking and monitoring to take place as well
  • Forcing a full session on a popular social networking service such as Facebook, for instance, without taking into consideration the fact that SSL would not magically make all the personally identifiable information, including your IP, disappear, is wrong. Full-session SSL, in combination with tools such as Vanish (see a related video), next to a Tor-like/VPN-based anonymity network, is great for a fresh start


It's great to see that the EFF is also emphasizing the insecure third-party content issue:

As always, even if you're at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can't prevent this because sites incorporate insecure third-party content).

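The insecure third-party content problem raised in the post above, as an added example that is not part of the original post or of the extension's code: a small Python checker that lists the subresources an HTTPS page would load over plain HTTP, the condition that breaks the lock icon. The page URL, hostnames and HTML are constructed sample input, and the active/passive labels follow the usual browser terminology for mixed content.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (URL attribute, class). "active" content can rewrite the page;
# "passive" content can still be observed or swapped in transit.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "object": ("data", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"), "video": ("src", "passive"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (class, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return  # e.g. <a href>: a navigation target, not loaded with the page
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower().split():
            return  # rel=canonical and similar are not loaded as page content
        attr, kind = SUBRESOURCES[tag]
        # Resolve relative and protocol-relative URLs against the page first.
        url = urljoin(self.page_url, (a.get(attr) or "").strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE_URL = "https://shop.example/cart"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/site.css">
<link rel="canonical" href="http://shop.example/">
<script src="http://ads.example/track.js"></script>
<script src="//cdn.example/lib.js"></script>
</head><body><img src="http://img.example/banner.png"> <img src="logo.png"/>
<a href="http://other.example/">elsewhere</a>
<iframe src="http://widgets.example/like"></iframe></body></html>"""
if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```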



Thank you!

Do you know the difference between this one, Force-TLS and ForceHTTPS?

Cheers.

++



Archived

This topic is now archived and is closed to further replies.
