HTTPS Everywhere 5 launches with thousands of new rules

Martin Brinkmann
Apr 3, 2015
Security
|
15

HTTPS Everywhere is a browser extension that is published by the Electronic Frontier Foundation that improves privacy and security by enforcing the use of the HTTPS protocol on websites supporting it.

It is of specific use when you are connecting to sites or services that support http and https depending on how you access the site and its contents.

Version 5 of HTTPS Everywhere has been released this week to the public introducing thousands of new rules in the program.

A rule defines which resources get redirected to HTTPS automatically when you are connecting to them in your browser of choice.

For instance, even if you don't use a protocol at all to open a site or open an address starting with http:// you are automatically redirected to https:// if HTTPS Everywhere is installed in the browser and a rule for the resource you are trying to access exists.

HTTPS Everywhere works on thousands of sites out of the box. Each version of the extension, available for Chrome, Firefox, Opera and Safari, ships with options to add unsupported websites to the extension's rule set.

If you are using Chrome, you'd click on the HTTPS Everywhere icon in Chrome's interface and select the "add a rule for this site" option from the menu that opens up. Usually, all you need to do next is click on the "add new rule" button to add it. It is possible to override this basic rule with a click on the advanced link in the menu.

There you find options to specify matching regular expressions and the target destination for it.

The new version of HTTPS Everywhere introduces a feature in Chrome that Firefox users had access to for some time (since version 4.0.2 released October 2014): the ability to turn off http access completely.

While that sounds like a great idea at first, it will render sites inaccessible. Which? All sites that don't support https currently.

This could be interesting though if you are using a hardened version of Chrome (or Firefox) for specific tasks such as online banking on the Internet exclusively.

To enable the feature click on the extension button and check "turn on HTTP nowhere" in the menu.

Last but not least, interface translations in 16 new languages are provided now as well.

Interestingly enough, version 5 of HTTPS Everywhere was released on March 23, 2015. A new version of the extension was released just a week later which fixed some broken rulesets and introduced the new Chrome option to block all HTTP requests.

Existing HTTPS Everywhere users are updated to the new version automatically. New users or those who don't want to wait for the update to hit their browsers can download the latest version from the official project website.

Summary
software image
Author Rating
1star1star1star1star1star
0 based on 1 votes
Software Name
HTTPS Everywhere
Operating System
Windows
Landing Page
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Hy said on April 7, 2015 at 11:12 pm
    Reply

    A quick note in case folks look for the “Turn on HTTP nowhere” option: in mine (version 5.0.1) it says instead “Block all HTTP requests.”

  2. Guest said on April 5, 2015 at 3:23 pm
    Reply

    I uninstalled HTTPS-Everywhere yesterday. It just breaks sites. I had it forcing https on a website that I *didn’t* want it to, and I checked the settings, and I couldn’t find that site anywhere in the addon’s settings.

    Conclusion? The addon is broken. I rather manually insert https rules into NoScript if I need a site to use https.

  3. DonGateley said on April 4, 2015 at 10:07 pm
    Reply

    It appears to have little or no performance impact on my Win Firefox installation _unless_ I enable Observatory and then the browser becomes virtually unusable.

  4. chesscanoe said on April 4, 2015 at 2:25 pm
    Reply

    Re Chrome users: “Note: If you install the standalone .crx (i.e. not from the Chrome Web Store), and you are using Windows, Chrome will automatically disable the extension on each restart….”
    Per https://www.eff.org/https-everywhere . I love the concept of this extension.

  5. manicmac said on April 3, 2015 at 10:43 pm
    Reply

    Well I won’t be using it again till they make it compatible with palemoon once more!

    1. MartinPC said on April 5, 2015 at 3:58 pm
      Reply

      Last night I came across a workaround to make HTTPS Everywhere work in Pale Moon, here:

      https://forum.palemoon.org/viewtopic.php?f=16&t=7287

      It involves downloading the last development build of HTTPS Everywhere 5 that worked on Pale Moon 25+, inserting into it the ruleset from the latest HTTPS Everywhere release (which doesn’t work on Pale Moon 25+), and then installing the “hacked” development build. I haven’t tried it. It sounds pretty easy to do, but a hassle to keep up to date.

    2. interstellar said on April 4, 2015 at 6:17 am
      Reply

      Agree!
      Why does it not work yet
      with the Pale Moon browser?

      Hello! …developers…

    3. Tom Hawack said on April 4, 2015 at 1:12 am
      Reply

      Well, with Pale Moon you’re bound for exponentially rising compatibility issues… and I like the Pale Moon browser for having had it as my default browser during 6 months. But it’s a choice and the user has to get to the idea that he cannot have the advantages of a faithful browser together with those of its front-line ancestor. It never will be possible and that is why Pale Moon is developing its own add-ons’ library. It’s up to them to negotiate with the EFF a Pale Moon dedicated version… good luck!

      1. anon said on April 4, 2015 at 6:54 am
        Reply

        Yes, there is. You can scream all you want, Pale Moon is decidedly faster and more responsive on my installation. I don’t care why and how, it is what it is.

    4. Mike J said on April 4, 2015 at 1:06 am
      Reply

      Yes, this is what I was just wondering–which of the excellent speedier versions of Ff can it now be used with??

      1. anon said on April 4, 2015 at 6:54 am
        Reply

        wrong reply, oops.

      2. Tom Hawack said on April 4, 2015 at 1:19 am
        Reply

        There is no speedier version (I guess you mean fork) of Firefox. This is another myth, together with a few others like the fairy tail asserting that 64-bit applications run faster… in certain circumstances they do but it’s far from being an evidence and the delta is small. Firefox is fine if you put aside the gadgets and the cyber excitements of a few developers who forget that Firefox is a browser and not a multi-purpose Web tool…. and it is from that evidence that Pale Moon emerged, for the best (honest, sober), for the worst (behind, always behind).

  6. Tom Hawack said on April 3, 2015 at 8:02 pm
    Reply

    Just installed HTTPS-Everwhere 5.01 for Firefox (from EFF, not from AMO’s page) and I am quite surprised to notice the improvements since my last experiences (3.x – 4.x). It wouldn’t have been this article I don’t think I would have given the extension another try.

    HTTPS-Everwhere 5.01 does no longer slow down pages as in the past (does SPDY have anything to do with this?), one can feel that, if new rules have been added, others have been updated, mainly for well known sites/urls : no more problems (anyway not as they’d appear as soon as I had installed the extension). Seems to be a major update. In this context I’m bound to keep the add-on. It doesn’t even charge my RAM… nice.

    1. Martin Brinkmann said on April 3, 2015 at 8:28 pm
      Reply

      Tom that’s great. I did not notice any issues during tests as well but I did only test the Chrome version this time as it had the new feature integrated.

      1. Tom Hawack said on April 3, 2015 at 8:43 pm
        Reply

        Yes, this is truly great indeed, because how often have experts (you included here on gHacks) not repeated the importance of SSL in regard to security and privacy, the role HTTPS-Everywhere had as a leader in terms of both security/privacy in general (Electronic Frontier Foundation) and as a dedicated tool (the extension), and at the same time many users myself included hesitating when not hostile when confronted to the ratio security/slowdown. I have to admit that I hold a balance between the two as mush as possible but that I do tend to favour speed (to a certain extend…). So, having the security with no speed incidence is for me “an offer i cannot refuse” :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.