Automatic web encryption (almost) everywhere

The Firefox plug-in offers a list of predefined pages. The HTTPS Everywhere extension for Firefox automatically redirects users to secure SSL connections when they access certain web pages – if this is supported by the server. Jointly developed by the Tor Project and the Electronic Frontier Foundation (EFF), the extension was inspired by the search engine modification Google implemented to make browsers send all their search queries via HTTPS. Google had previously already adjusted its Google Mail service so that web browser connections to the service are protected via SSL by default. This prevents attackers from accessing sensitive data (even in unsecured wireless networks).

HTTPS Everywhere further expands this function and simply redirects the browser to the secure page by rewriting the URL. According to the developers, however, the extension first checks whether the page returns identical content via http and via https. At present, the plug-in is still in beta phase and only rewrites selected URLs, for instance those of Google Search, Wikipedia, Twitter, Facebook, The New York Times, The Washington Post, PayPal, EFF, Tor and Ixquick. However, it's relatively easy for users to add further rules for other domains.

See also:

• Google secures search with SSL encryption, a report from The H.
• Google email service now defaults to SSL connections, a report from The H.

(crve)