New 'HTTPS Everywhere' Web browser extension released

Summary:The Electronic Frontier Foundation's great Firefox HTTPS Everywhere browser security extension has been improved and there's now a beta version available for Google Chrome Web browser users.

HTTPS Everywhere is better than ever at keeping your Web browsing with Firefox and Chrome safe.

HTTPS Everywhere is better than ever at keeping your Web browsing with Firefox and Chrome safe.

The Electronic Frontier Foundation (EFF) has launched the new and improved HTTPS Everywhere 2.0 for the Firefox browser . HTTPS Everywhere helps keeps you safe on the Web by encrypting connections to more than 1,400 Web sites. The program uses carefully crafted rules to automatically switch sites from HTTP to HTTPS whenever possible, This new version also includes an important new update that warns users about web security holes and there's also finally a version for Google's Chrome Web browser.

The new feature, the "Decentralized SSL Observatory" is optional. It's designed to detect encryption weaknesses and notifies users when they are visiting a website with a security vulnerability. This is meant to let you know that the “secure” site you're visiting may be leaving you open to eavesdropping or "man in the middle" attacks.

In addition, thanks to the EFF's partnership with the Tor Project, an Internet anonymity program and network, HTTPS can help steer you clear of sites with fake or forged Secure Sockets Layer (SSL) certificates.

Hypertext Transfer Protocol Secure (HTTPS) uses the Web’s HTTP and security provided by the Transport Layer Security (TLS) or SSL protocols, to create gold standard of Internet security. But, "In recent weeks, an unexpected weakness in the encryption used by many routers, firewalls and VPN devices made big news," said EFF Technology Projects Director Peter Eckersley in a statement. "The new version of HTTPS Everywhere for Firefox will let users know when they connect to a website or device that has a security problem – including weak key problems like the ones that were disclosed two weeks ago – giving people the information they need to protect themselves."

Eckersley continued, "EFF and the Tor Project created HTTPS Everywhere to make it easier for people to keep their usernames, passwords, and browser histories secure and private. Now, the 2.0 release also gives Internet users more information about deeper security problems they couldn't spot on their own. This is an extra level of protection that we encourage Firefox users to download, install, and use."

A beta version of HTTPS Everywhere for the Chrome browser is also now available. The Chrome release includes the increased encryption features available in the Firefox version, but it does not include Decentralized SSL Observatory. This means the Chrome version won't notify users of weak key vulnerabilities and other certificate problems. Still, it's another great security add-on for Chrome Web browser users.

Both versions of HTTPS Eveywhere are now available for download. I cannot recommend downloading and installing HTTP Everywhere highly enough. By automating HTTPS links whenever possible, this program makes Web browsing about as safe as it can be in today's threat-filled Internet.

Related Stories:

Google bets million bucks its Chrome Web browser can’t be busted

Fake SSL certificates pirate Web sites

Twitter adds SSL security

Facebook secures your Internet Connection

Topics: Security, Browser

About

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.His work has been published in everything from highly technical publications... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.