The Electronic Frontier Foundation (EFF) has launched the new and improved HTTPS Everywhere 2.0 for the Firefox browser . HTTPS Everywhere helps keeps you safe on the Web by encrypting connections to more than 1,400 Web sites. The program uses carefully crafted rules to automatically switch sites from HTTP to HTTPS whenever possible, This new version also includes an important new update that warns users about web security holes and there's also finally a version for Google's Chrome Web browser.
The new feature, the "Decentralized SSL Observatory" is optional. It's designed to detect encryption weaknesses and notifies users when they are visiting a website with a security vulnerability. This is meant to let you know that the “secure” site you're visiting may be leaving you open to eavesdropping or "man in the middle" attacks.
In addition, thanks to the EFF's partnership with the Tor Project, an Internet anonymity program and network, HTTPS can help steer you clear of sites with fake or forged Secure Sockets Layer (SSL) certificates.
Hypertext Transfer Protocol Secure (HTTPS) uses the Web’s HTTP and security provided by the Transport Layer Security (TLS) or SSL protocols, to create gold standard of Internet security. But, "In recent weeks, an unexpected weakness in the encryption used by many routers, firewalls and VPN devices made big news," said EFF Technology Projects Director Peter Eckersley in a statement. "The new version of HTTPS Everywhere for Firefox will let users know when they connect to a website or device that has a security problem – including weak key problems like the ones that were disclosed two weeks ago – giving people the information they need to protect themselves."
Eckersley continued, "EFF and the Tor Project created HTTPS Everywhere to make it easier for people to keep their usernames, passwords, and browser histories secure and private. Now, the 2.0 release also gives Internet users more information about deeper security problems they couldn't spot on their own. This is an extra level of protection that we encourage Firefox users to download, install, and use."
A beta version of HTTPS Everywhere for the Chrome browser is also now available. The Chrome release includes the increased encryption features available in the Firefox version, but it does not include Decentralized SSL Observatory. This means the Chrome version won't notify users of weak key vulnerabilities and other certificate problems. Still, it's another great security add-on for Chrome Web browser users.
Both versions of HTTPS Eveywhere are now available for download. I cannot recommend downloading and installing HTTP Everywhere highly enough. By automating HTTPS links whenever possible, this program makes Web browsing about as safe as it can be in today's threat-filled Internet.