HTTPS Everywhere

HTTPS Everywhere is a discontinued free and open-source browser extension for Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Brave, Vivaldi and Firefox for Android, which was developed collaboratively by The Tor Project and the Electronic Frontier Foundation (EFF). It automatically makes websites use a more secure HTTPS connection instead of HTTP, if they support it. The option "Encrypt All Sites Eligible" makes it possible to block and unblock all non-HTTPS browser connections with one click. Due to the widespread adoption of HTTPS on the World Wide Web, and the integration of HTTPS-only mode on major browsers, the extension was retired in January 2023.


Development

HTTPS Everywhere was inspired by Google's increased use of HTTPS and is designed to force the usage of HTTPS automatically whenever possible. The code, in part, is based on NoScript's HTTP Strict Transport Security implementation, but HTTPS Everywhere is intended to be simpler to use than NoScript's forced HTTPS functionality, which requires the user to manually add websites to a list. The EFF provides information for users on how to add HTTPS rulesets to HTTPS Everywhere, and information on which websites support HTTPS.


Platform support

A public beta of HTTPS Everywhere for Firefox was released in 2010, and version 1.0 was released in 2011. A beta for Chrome was released in February 2012. In 2014, a version was released for Android phones.


SSL Observatory

The SSL Observatory is a feature in HTTPS Everywhere introduced in version 2.0.1 which analyzes public key certificates to determine if certificate authorities have been compromised, and if the user is vulnerable to man-in-the-middle attacks. In 2013, the ICANN Security and Stability Advisory Committee (SSAC) noted that the data set used by the SSL Observatory often treated intermediate authorities as different entities, thus inflating the number of certificate authorities. The SSAC criticized SSL Observatory for potentially significantly undercounting internal name certificates, and noted that it used a data set from 2010.


Continual Ruleset Updates

The update to version 2018.4.3, shipped on 3 April 2018, introduced the "Continual Ruleset Updates" function. To apply up-to-date HTTPS rules, this update function executes one rule-matching within 24 hours. A website called https-rulesets was built by the EFF for this purpose. This automated update function can be disabled in the add-on settings. Before this update mechanism, rulesets were updated only through app updates. Even after this feature was implemented, bundled rulesets are still shipped within app updates.


Reception

Two studies have recommended building HTTPS Everywhere functionality into Android browsers. In 2012, Eric Phetteplace described it as "perhaps the best response to Firesheep-style attacks available for any platform". In 2011, Vincent Toubiana and Vincent Verdot pointed out some drawbacks of the HTTPS Everywhere add-on, including that the list of services which support HTTPS needs maintaining, and that some services are redirected to HTTPS even though they are not yet available in HTTPS, not allowing the user of the extension to get to the service. Other criticisms are that users may be misled to believe that if HTTPS Everywhere does not switch a site to HTTPS, it is because it does not have an HTTPS version, while it could be that the site manager has not submitted an HTTPS ruleset to the EFF, and that because the extension sends information about the sites the user visits to the SSL Observatory, this could be used to track the user.
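
The ruleset-driven upgrade described under Development, the "Encrypt All Sites Eligible" option and the ruleset gaps noted above can be modelled as follows. This is an added example, not the extension's own code: the ruleset field names, the `decide` function and the hosts are constructed for illustration.

```javascript
// Constructed rulesets: one entry per site, listing the hosts it covers,
// URL patterns to leave alone, and ordered rewrite rules.
const RULESETS = [
  {
    name: "Example",
    targets: ["example.com", "*.example.com"],
    exclusions: [/^http:\/\/legacy\.example\.com\//],
    rules: [
      { from: /^http:\/\/example\.com\//, to: "https://www.example.com/" },
      { from: /^http:/, to: "https:" },
    ],
  },
];

// Match a hostname against a target with an optional leading "*." wildcard.
function hostMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return target === host;
}

// Decide what happens to one request. `ease` models the
// "Encrypt All Sites Eligible" option: block whatever stays on plain HTTP.
function decide(rawUrl, rulesets = RULESETS, ease = false) {
  const url = new URL(rawUrl);
  if (url.protocol !== "http:") return { action: "allow", url: url.href };

  for (const rs of rulesets) {
    if (!rs.targets.some((t) => hostMatches(t, url.hostname))) continue;
    if (rs.exclusions.some((re) => re.test(url.href))) continue;
    for (const rule of rs.rules) {
      const rewritten = url.href.replace(rule.from, rule.to);
      if (rewritten !== url.href) {
        return { action: "upgrade", url: rewritten, ruleset: rs.name };
      }
    }
  }
  // No rule fired. This only means no ruleset covers the URL; it says
  // nothing about whether the site itself offers HTTPS.
  return { action: ease ? "block" : "allow", url: url.href };
}

// Constructed sample requests.
for (const u of ["http://example.com/login", "http://shop.example.com/cart?id=1",
                 "http://legacy.example.com/app", "http://unlisted.test/"]) {
  console.log(u, "->", decide(u), "| EASE:", decide(u, RULESETS, true).action);
}
```

An `allow` result for `unlisted.test` reflects only the absence of a ruleset, which is the misreading the criticism above describes.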


Legacy

The HTTPS Everywhere initiative inspired opportunistic encryption alternatives:

* 2022: Firefox for Android and Firefox Focus HTTPS-only mode
* 2021: Google Chrome HTTPS-only mode
* 2020: Firefox built-in HTTPS-only mode
* 2019: HTTPZ for Firefox / WebExt supporting browsers
* 2017: Smart-HTTPS (closed-source early since v0.2)


See also

* Transport Layer Security (TLS) – Cryptographic protocols that provide communications security over a computer network.
* Privacy Badger – A free browser extension created by the EFF that blocks advertisements and tracking cookies.
* Switzerland (software) – An open-source network monitoring utility developed by the EFF to monitor network traffic.
* Let's Encrypt – A free automated X.509 certificate authority designed to simplify the setup and maintenance of TLS encrypted secure websites.
* HTTP Strict Transport Security – A web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.

