Firefox extension delivers always-on encryption

Browser extension brings HTTPS security to general browsing, where available

Stewart Mitchell
21 Jun 2010

Privacy campaigners the Electronic Frontier Foundation and the Tor Project have jointly released a beta version of a Firefox extension that encrypts all connections to compatible websites.

The extension - dubbed HTTPS Everywhere - improves privacy to sites that offer SSL security, but don’t include the protection by default.

“We wanted a way to ensure that every search our browsers sent was encrypted, including the search box and URL bar features,” said the Tor Project’s Mike Perry in his blog.

“At the same time, we were also able to encrypt most or all of the browser's communications with other popular sites that support SSL, but don't provide it by default.”

The extension is based on the Strict Transport Security software from the NoScript project, but Perry claims HTTPS Everywhere is more effective because it's easier to integrate with websites.

“This tends to work more effectively than NoScript because many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use,” he said. “For instance, they may not offer all pages and applications via HTTPS, or may only allow HTTPS activity via alternate subdomains that require URL rewriting and redirection.”

The software already has rule sets in place for Google Search, Wikipedia, Twitter, Facebook and other sites, the blog post said.

However, Perry cautioned that not all content on these sites – such as pages provided by third parties – will be available over HTTPS and users should check their browser’s lock icon to ensure the connection is encrypted.

Read more about: