HTTPS Everywhere 3.0 Released

Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:31:24


The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites.

The EFF developed HTTPS Everywhere in collaboration with The Tor Project and it’s designed to protect users’ communications by default, without the users having to specify HTTPS in the URL. The extension contains rulesets for various Web sites and when a user attempts to connect to one of the supported sites, the extension will modify the request to the site in order to tell the server on the other end that the client wants to connect over HTTPS.

HTTPS Everywhere gives users a basic level of protection against several classes of attack that rely on eavesdropping on user sessions. One limitation of the browser extension, which is available for Google Chrome and Mozilla Firefox, is that it can’t do much about the insecure content elements supplied by third-party sites to pages that are protected by the encryption.
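The ruleset behavior and the third-party limitation described above can be seen in a short sketch. This is an added example, not code from the EFF or the extension itself; the ruleset object is a simplified model, and the host names and the `rewriteUrl` and `auditPage` functions are constructed for illustration.

```javascript
// Simplified model of a ruleset (assumption: not the extension's real data
// structures). Each ruleset lists target hosts, optional exclusions, and
// regex rewrite rules. All hosts below are constructed for illustration.
const RULESETS = [
  {
    name: "Example Shop",
    targets: ["shop.example", "www.shop.example"],
    exclusions: [/^http:\/\/www\.shop\.example\/legacy\//],
    rules: [{ from: /^http:\/\/(www\.)?shop\.example\//, to: "https://www.shop.example/" }],
  },
];

// Return the URL the browser should actually request.
function rewriteUrl(url, rulesets = RULESETS) {
  let parsed;
  try { parsed = new URL(url); } catch { return url; }   // leave malformed input alone
  if (parsed.protocol !== "http:") return url;           // only plain HTTP is upgraded
  for (const rs of rulesets) {
    if (!rs.targets.includes(parsed.hostname)) continue; // host not covered by this ruleset
    if (rs.exclusions.some((re) => re.test(url))) return url; // site opted this path out
    for (const { from, to } of rs.rules) {
      if (from.test(url)) return url.replace(from, to);
    }
  }
  return url; // no ruleset matched: request goes out unchanged
}

// Classify every resource a page loads, to show which ones stay in cleartext.
function auditPage(resourceUrls, rulesets = RULESETS) {
  return resourceUrls.map((original) => {
    const requested = rewriteUrl(original, rulesets);
    return { original, requested, encrypted: requested.startsWith("https://") };
  });
}

// Constructed page: two first-party URLs plus one third-party script.
const report = auditPage([
  "http://shop.example/cart",
  "http://www.shop.example/legacy/old.cgi",
  "http://cdn.thirdparty.example/widget.js",
]);
for (const r of report) console.log(r.encrypted ? "HTTPS" : "HTTP ", r.requested);
```

The third-party script is still fetched over plain HTTP because no ruleset covers its host, which is the insecure-content gap the article notes.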

HTTPS Everywhere 3.0, released on Monday, now contains rulesets for more than 1,500 sites.

“Today we released version 3.0 of HTTPS Everywhere, which adds encryption protection to 1,500 more websites, twice as many as previous stable releases. Our current estimate is that HTTPS Everywhere 3 should encrypt at least a hundred billion page views in the next year, and trillions of individual HTTP requests,” Peter Eckersley of the EFF wrote in a blog post.

In the last stable release of the browser extension, the EFF included a new capability that detects problematic digital certificates and can anonymously report their use to the EFF.

“If you turn on this feature, it will send anonymous copies of certificates for HTTPS websites to EFF’s SSL Observatory database, which will allow us to study them and detect problems with the web’s cryptographic and security infrastructure. The Decentralized SSL Observatory is also capable of giving real-time warnings about these problems,” Eckersley wrote at the time of that last release.