HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web.
HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using a clever technology to rewrite requests to these sites to HTTPS.
|Download the Chrome extension.|
Internet technologists have long known that HTTP is insecure, causing many risks to users. The release of Firesheep made one of these risks concrete and obvious to even non-technical folks.
While HTTPS has long existed as a reasonable way to improve web security, web operators have been slow to host their applications with it. In part, this is because correctly and completely hosting an application with HTTPS takes some care.
|Download the Firefox extension.|
HTTP provides no security guarantees, and applications that use it cannot possibly provide users any security. When using a web application hosted via HTTP, people have no way of knowing whether or not they are talking to the true application server, nor can they be sure attackers have not read or modified communications between the user’s computer and the server.
However users connect to the Internet, there are a variety of people who can attack them—whether spying on them, impersonating them, tampering with their communications, or all three of these. The wifi network operator can do this; any ISP in the path between client and server can do it; anyone who can reconfigure the wifi router or another router can do it; and often, anyone else using the same network can do it, too.
HTTPS provides the baseline of safety for web application users, and there is no performance- or cost-based reason to stick with HTTP. Web application providers undermine their business models when, by continuing to use HTTP, they enable a wide range of attackers anywhere on the internet to compromise users’ information. — From the Electronic Frontier Foundation. Donate to the EFF.