HTTPS Everywhere 5 launches with thousands of new rules
HTTPS Everywhere is a browser extension that is published by the Electronic Frontier Foundation that improves privacy and security by enforcing the use of the HTTPS protocol on websites supporting it.
It is of specific use when you are connecting to sites or services that support http and https depending on how you access the site and its contents.
Version 5 of HTTPS Everywhere has been released this week to the public introducing thousands of new rules in the program.
A rule defines which resources get redirected to HTTPS automatically when you are connecting to them in your browser of choice.
For instance, even if you don't use a protocol at all to open a site or open an address starting with http:// you are automatically redirected to https:// if HTTPS Everywhere is installed in the browser and a rule for the resource you are trying to access exists.
HTTPS Everywhere works on thousands of sites out of the box. Each version of the extension, available for Chrome, Firefox, Opera and Safari, ships with options to add unsupported websites to the extension's rule set.
If you are using Chrome, you'd click on the HTTPS Everywhere icon in Chrome's interface and select the "add a rule for this site" option from the menu that opens up. Usually, all you need to do next is click on the "add new rule" button to add it. It is possible to override this basic rule with a click on the advanced link in the menu.
There you find options to specify matching regular expressions and the target destination for it.
The new version of HTTPS Everywhere introduces a feature in Chrome that Firefox users had access to for some time (since version 4.0.2 released October 2014): the ability to turn off http access completely.
While that sounds like a great idea at first, it will render sites inaccessible. Which? All sites that don't support https currently.
This could be interesting though if you are using a hardened version of Chrome (or Firefox) for specific tasks such as online banking on the Internet exclusively.
To enable the feature click on the extension button and check "turn on HTTP nowhere" in the menu.
Last but not least, interface translations in 16 new languages are provided now as well.
Interestingly enough, version 5 of HTTPS Everywhere was released on March 23, 2015. A new version of the extension was released just a week later which fixed some broken rulesets and introduced the new Chrome option to block all HTTP requests.
Existing HTTPS Everywhere users are updated to the new version automatically. New users or those who don't want to wait for the update to hit their browsers can download the latest version from the official project website.
Just installed HTTPS-Everwhere 5.01 for Firefox (from EFF, not from AMO’s page) and I am quite surprised to notice the improvements since my last experiences (3.x – 4.x). It wouldn’t have been this article I don’t think I would have given the extension another try.
HTTPS-Everwhere 5.01 does no longer slow down pages as in the past (does SPDY have anything to do with this?), one can feel that, if new rules have been added, others have been updated, mainly for well known sites/urls : no more problems (anyway not as they’d appear as soon as I had installed the extension). Seems to be a major update. In this context I’m bound to keep the add-on. It doesn’t even charge my RAM… nice.
Tom that’s great. I did not notice any issues during tests as well but I did only test the Chrome version this time as it had the new feature integrated.
Yes, this is truly great indeed, because how often have experts (you included here on gHacks) not repeated the importance of SSL in regard to security and privacy, the role HTTPS-Everywhere had as a leader in terms of both security/privacy in general (Electronic Frontier Foundation) and as a dedicated tool (the extension), and at the same time many users myself included hesitating when not hostile when confronted to the ratio security/slowdown. I have to admit that I hold a balance between the two as mush as possible but that I do tend to favour speed (to a certain extend…). So, having the security with no speed incidence is for me “an offer i cannot refuse” :)
Well I won’t be using it again till they make it compatible with palemoon once more!
Yes, this is what I was just wondering–which of the excellent speedier versions of Ff can it now be used with??
There is no speedier version (I guess you mean fork) of Firefox. This is another myth, together with a few others like the fairy tail asserting that 64-bit applications run faster… in certain circumstances they do but it’s far from being an evidence and the delta is small. Firefox is fine if you put aside the gadgets and the cyber excitements of a few developers who forget that Firefox is a browser and not a multi-purpose Web tool…. and it is from that evidence that Pale Moon emerged, for the best (honest, sober), for the worst (behind, always behind).
wrong reply, oops.
Well, with Pale Moon you’re bound for exponentially rising compatibility issues… and I like the Pale Moon browser for having had it as my default browser during 6 months. But it’s a choice and the user has to get to the idea that he cannot have the advantages of a faithful browser together with those of its front-line ancestor. It never will be possible and that is why Pale Moon is developing its own add-ons’ library. It’s up to them to negotiate with the EFF a Pale Moon dedicated version… good luck!
Yes, there is. You can scream all you want, Pale Moon is decidedly faster and more responsive on my installation. I don’t care why and how, it is what it is.
Why does it not work yet
with the Pale Moon browser?
Last night I came across a workaround to make HTTPS Everywhere work in Pale Moon, here:
It involves downloading the last development build of HTTPS Everywhere 5 that worked on Pale Moon 25+, inserting into it the ruleset from the latest HTTPS Everywhere release (which doesn’t work on Pale Moon 25+), and then installing the “hacked” development build. I haven’t tried it. It sounds pretty easy to do, but a hassle to keep up to date.
Re Chrome users: “Note: If you install the standalone .crx (i.e. not from the Chrome Web Store), and you are using Windows, Chrome will automatically disable the extension on each restart….”
Per https://www.eff.org/https-everywhere . I love the concept of this extension.
It appears to have little or no performance impact on my Win Firefox installation _unless_ I enable Observatory and then the browser becomes virtually unusable.
I uninstalled HTTPS-Everywhere yesterday. It just breaks sites. I had it forcing https on a website that I *didn’t* want it to, and I checked the settings, and I couldn’t find that site anywhere in the addon’s settings.
Conclusion? The addon is broken. I rather manually insert https rules into NoScript if I need a site to use https.
A quick note in case folks look for the “Turn on HTTP nowhere” option: in mine (version 5.0.1) it says instead “Block all HTTP requests.”