HTTPS Everywhere is a popular browser extension, developed by Electronic Frontier Foundation and The Tor Project respectively. Surfing on the Internet is definitely safer with this useful software. Many websites still do not have a secure protocol, but this extension enables it automatically. HTTPS Everywhere is compatible with Mozilla Firefox, Google Chrome, Opera as well as Firefox for Android.
HTTPS and HTTP
HTTP or the Hypertext Transfer Protocol connects a browser with a web server. When you enter an online web location, the protocol sends a request to the server opening the desired page. All requests are always sent in a form of the plaintext and are visible to every hacker who manages to break into your communication.
HTTPS or the Hypertext Transfer Protocol Secure has exactly the same purpose, but with some advanced abilities. The last letter in the abbreviation means “secure” because the protocol uses an encrypted transfer while sending the requests. Some browsers display a small padlock icon on the left side of the search bar when you use the website with the secured protocol. If you surf online regularly, you have probably seen it already.
Many websites have implemented this secure protocol, especially those that handle some sensitive data, such as personal details of the users. However, there is still a large number of those sites that still use unsecured one, which is highly vulnerable to different web attacks. That is where HTTPS Everywhere extension comes in. It enables secure protocol on all sites on the web, regardless of their structure.
How HTTPS Everywhere Works
HTTPS Everywhere extension works like any other similar add-on. You need to have a supported browser version, though. That is the only way to install it properly. Fortunately, there are many recent releases of this extension, and you will certainly find a compatible version if you use some of the most popular web browsers. HTTPS Everywhere rewrites your requests and adds proper safe protocol where appropriate. That is the main principle on which it works.
This add-on functions as open source software and is freely available on the website of Electronic Frontier Foundation. There are several download links with browser icons, and you can choose the right one for yourself. Click on it, and if you use Chrome browser, you will be redirected to the Google Webstore page. Click again on “add to chrome” blue button in the right upper corner, and the downloading process will start and finish in just a few seconds. After downloading, you will notice a small blue icon at the right angle next to the search bar of your browser. That is your new add-on.
You can click on the icon, and that will open a pop-up form designed to manage the extension over it. There are options for enabling the extension and blocking all unencrypted requests. Also, you can use the links at the bottom of the form to discover some new things about HTTPS Everywhere. There is a learning page on the official websites with different data and information for all those who want to learn more about the extension. You can use the link on the pop-up form to go there, or you can use the web address to go directly to the site. The browser may work a bit slower with this extension because sometimes it has to wait for the extension to finish its work. But, that is the way how you stay safe online.
Many contributors have worked together for a long time creating this extension, and you can find some details about the process as well. The new versions of the extension still wait for new contributors, so if you have a coding knowledge or some other necessary skill, you may join their online team. All contributions are on a voluntary basis, and you may get only the experience from the contribution. HTTPS Everywhere extension uses small rule sets to interpret how domains are transferred to HTTPS. The company calls others to write their own rule sets if they have the knowledge to do that. Also, it calls users to report bugs if they find any.
There is a separate page on the website dedicated to resolving problems. If you want to remove the add-on for any reason, you can do that easily in just a few basic steps. For the Google Chrome browser, click a button in the right upper corner with three small spots. After opening a pop-up form, click an “extension” link, and it will lead you to the page with your add-ons. Now click a “remove” button on the extension, and it will disappear in a moment. That is it, you have uninstalled it. For other browsers, check the FAQ page on the official website. You will find simple explanations on how to remove the extension from every browser.
The main inspiration for the creation of this extension was Google‘s transfer from HTTP to HTTPS protocol, which programmed its website to use it all the time. The creators copied a part of the code from a NoScript browser extension. Still, HTTPS Everywhere is easier to use and it works automatically, while NoScript requires users to manually place URLs of websites to a list. Besides, Electronic Frontier Foundation often releases useful information on how to easily use their extension and which sites support HTTPS.
Privacy and Security
Obviously, the most important function of this extension is to enable safe communication between users and servers. It is no secret that online world is full of hackers, who are ready to steal your data or attack you in some different way. So, the protection should be the first priority. For example, when you pay over the Internet, you have to type your personal information, including credit card numbers. If you use HTTP protocol, those with bad intentions and advanced programming knowledge may hijack that information and later steal money from your bank account. The HTTPS protocols encrypt your sensitive data instead, and hackers usually have a serious problem to crack that code. They could not find out what you type into billing forms and those details remain a secret for them. Only the server gets real value and can process the request in compliance with entered data.
The EFF SSL Observatory is an advanced feature included within the extension and introduced in 2.0.1 version. It analyzes public key certificates to identify if they have been attacked or if user data have been compromised. However, some critics pointed out that extension usually considers intermediate authorities as independent bodies. That often leads to the inflation of certificate authorities in numbers.
Some interesting scientific studies recommended adding in the extension functions into Android browser. Some experts described these functions as probably the best response to many cyber attacks. Others pointed out some flaws of the add-on, such as the list of services that need managing as well as unexpected redirects to HTTPS that are not available in the protocol, which blocks users to come to the service.
The support of the extension is very good, and the updates are pretty frequent. There have been many recent releases and more than a few in the first three months of this year. That includes stable recent releases for Mozilla Firefox, Opera 15+, Google Chrome, and Chromium. The creators are following latest trends and issues to update the extensions enabling safe browsing. It also means the extension is compatible with new browser versions and is up-to-date. This is more important question than it looks at first sight because the outdated software would probably face various issues during work. However, with HTTPS Everywhere the users should not worry about that problem since the producers enable great support.
One of the main HTTPS drawbacks is certainly its speed, compared to older HTTP protocol, which is significantly faster and sometimes offers better user experience because of that characteristic. HTTPS Everywhere extension is working on the same protocol, so it may be its flaw too. There is a solution, however, for these issues, and it lies in an upgraded HTTPS version. SPDY is modified HTTPS that works using both protocols. It is quite similar and compatible with the regular HTTP and HTTPS protocols, but it sends a lower number of server requests and works faster. In fact, SPDY looks like a tunnel through which both HTTP and HTTPS protocols passing. When the requests go over the SPDY protocol, it simplifies and compresses them. Thanks to these capabilities, it is probably the best protocol out there. The creators of HTTPS Everywhere extension should consider updating the software to enable this advanced protocol for the users of the application. That way, it would achieve the full potential of safe surfing.
HTTPS Everywhere extension is a good choice for all those who want to improve their safety online. If you often pay your bills or make purchases over the Internet, then you certainly want that your money and personal data stays secure. With this extension, you will achieve that goal. HTTPS Everywhere is not perfect and has some flaws and drawbacks, but when you look that way, nothing in this world is completely perfect. Every product has good and bad sides as well as positive and negative implications. Your browser will maybe work a bit slower with it, but it is a low price for a secure surfing. With this extension, you will always know how to stay safe online.
Do you have any questions about HTTPS Everywhere Extension? Feel free to ask in the comments!
Also worth reading an article regarding How to Stay Safe Online: