HTTPS Everywhere 3.0 adds 1500 always https sites
Making sure that you are connected via https to important websites such as your bank's website, PayPal, your Google account or Facebook, is one of the essential things that Internet users need to do these days to make sure they are safe on the Internet. While not using https often does not mean that you fall prey to a phishing attack or other attack form that got you redirected to an insecure site, it does exactly mean that for websites that only allow https connections.
Many sites on the other hand do not force https on you, giving you options to use http or https when connecting to the service on the Internet. It is those sites that HTTPS Everywhere has been designed for. The main advantage of using https connections is to protect the connection from attacks that record data while it is transmitted. This usually happens from within the same network, e.g. a wireless hotspot, an Internet Cafe, or a university network.
Version 3.0 of the popular add-on for Firefox and Google Chrome has just been released, adding another 1500 sites to the list of sites that it supports, effectively doubling the number of websites. Version 3.0 has been released for the Firefox web browser, while Google Chrome's version is still listed as an alpha version by the EFF, the creators of the extension.
You may also notice that the Firefox version is offered directly on the EFF website, while the Chrome version is only available on Chrome's Web Store. Why is that you may ask, and the best explanation that I have is that it has something to do with the blocking of third-party extension installations in Chrome. There may very well be a different explanation for this, and I'd really like to hear it so fire away in the comments if you know why that is the case.
You can take a look at the list of supported sites in the preferences. Firefox users need to enter about:addons in the address bar of the browser, and click on the options button next to the HTTPS Everywhere listing on the page.
You can enable or disable the enforcement of https for all sites listed here. You can download the latest version of HTTPS Everywhere 3.0 from the official website. The Chrome version offered there links to the Chrome Web Store. The Chrome version has been updated on the same day, which seems to indicate that it has received the same update, even though it is listed as an alpha version.
Advertisement
Does anybody know of a Mirror Link to this program, as the EFF site has connection problems and there’s no way to contact the people involved.
The Firefox addon Noscript, version 1.9.9.74 already has the capability to force
https for any website that you specify. Look in Options / Advanced / HTTPS.
There you have options to “forbid active web content unless it comes from a
secure (HTTPS) connection” and to “force the following sites to use secure
(HTTPS) connections” and to “never force secure (HTTPS) connections for the
following sites”.
I don’t think the article links to any download or the plugin homepage …
No, it doesn’t, but you can “attempt” to Download it from the HTTP Everywhere web site.
I say Attempt, as I haven’t been able to get it for the past 4 days, due to some connection error to their site and there’s no way to contact them to report the problem!
I have been using the prior version for over a year and it worked fine, until I installed Firefox 16. Firefox would not boot up until I removed the add-on. After I removed the old version I downloaded and installed version 3.0 and when Firefox attempted to restart it failed. I finally got it to restart after I removed the add-on.
Something is wrong with this add-on.
Been trying to Download this from the EFF web site for the past two days but can’t connect!
Very strange, indeed!
p.s Chrome is Alpha version.
“All Chrome releases should be considered alpha-quality
because of this bug in Chrome :
https://trac.torproject.org/projects/tor/ticket/6975
critical, EFF-HTTPS Everywhere
Recent versions of Chromium and Chrome have implemented an automatic mechanism to block the loading of insecure HTTP scripts from HTTPS origins. At first there was a loud popup message whenever that happened, but now the only indication in the UI is a small shield in the address bar, which the user can click on to force the insecure scripts to load.
Google has replied “won’t fix” to any UX or extension API requests we made about this: https://code.google.com/p/chromium/issues/detail?id=144637
As a result, we are going to need a major push to identify rulesets that break sites in Chrome because of this mechanism, and disable them on that platform. This ticket will track that task.
Thanks for finding the reason why it is still seen as alpha.
I have disabled the previous version in Chrome due to incompatibility issues.
Hope this one works.