Aug 5, 2011 08:53 GMT

The Electronic Frontier Foundation (EFF) and the Tor Project have released the first stable version of their HTTPS Everywhere Firefox extension, which enforces secure connections.

Many websites, especially the big ones, have been offering full-session HTTPS for a while now, but not as a default option. Because of this, users are either not aware of this secure alternative or not knowledgeable enough to care.

HTTPS stands for Hypertext Transfer Protocol Secure and is a combination of the HTTP and SSL/TLS protocols. It provides end-to-end encrypted communication over the web.

HTTPS is a de facto standard for e-commerce and online banking, but it's been missing from other more mainstream sites.

That has begun to change in recent years with the increasing use of mobile devices connected through open Wi-Fi access points. The problem with open wireless networks is that any attacker can intercept the traffic passing through them and, unless it's encrypted, they can see everything.

For example, there are easy-to-use tools that allow hijacking other people's email and social networking accounts over wireless networks. HTTPS Everywhere aims to protect against that by always forcing the connection over HTTPS, at least for many large websites.

For websites that are not supported out of the box, HTTPS Everywhere enables users to write their own rules; however, the sites need to offer full-session HTTPS support for the extension to work.

Additionally, it's worth pointing out that some websites load third-party content that breaks HTTPS connections. A single piece of external content is enough for a man-in-the-middle attack to be successful.
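The two points above, per-site rules and third-party content that stays on plain HTTP, can be checked together in a small audit script. This is an added example, not code from the article or from the extension: the regex rule list is a simplified stand-in for the extension's rules, and the hostnames and sample page are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical rewrite rules (regex, replacement); a simplified stand-in for
# the extension's per-site rules, not its real rule format.
RULES = [
    (re.compile(r"^http://(www\.)?example\.com/"), "https://www.example.com/"),
    (re.compile(r"^http://static\.example\.com/"), "https://static.example.com/"),
]

# Tags whose URL attribute triggers an automatic fetch when the page loads.
FETCHING = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def upgrade(url):
    """Return the URL after the first matching rule, or unchanged if none match."""
    for pattern, target in RULES:
        if pattern.match(url):
            return pattern.sub(target, url, count=1)
    return url

class SubresourceCollector(HTMLParser):
    """Collects absolute URLs of resources the browser loads automatically."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.urls.append(urljoin(self.base_url, value))

def insecure_subresources(page_url, html):
    """List subresources still fetched over plain HTTP after rules are applied."""
    collector = SubresourceCollector(upgrade(page_url))
    collector.feed(html)
    upgraded = [upgrade(u) for u in collector.urls]
    return [u for u in upgraded if urlsplit(u).scheme == "http"]

# Constructed sample page: first-party stylesheet and image, third-party script.
SAMPLE = """<html><head><link rel="stylesheet" href="/site.css">
<script src="http://ads.example.net/track.js"></script></head>
<body><img src="http://static.example.com/logo.png"></body></html>"""

if __name__ == "__main__":
    print(insecure_subresources("http://example.com/inbox", SAMPLE))
```

Any URL the function returns is a resource that no rule covers, so it would still travel unencrypted even though the page itself was upgraded.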

The new 1.0.0 release is HTTPS Everywhere's first stable branch. The release features an improved user interface for error pages and bug fixes for Microsoft, Dropbox, Netflix and MySQL websites. Some broken rules were also disabled.

EFF and Tor developers have already started working on version 2.0, which will introduce some interesting options like a decentralized SSL observatory and translations.

HTTPS Everywhere 1.0.0 can be downloaded from here.