Topic: EFF's "HTTPS Everywhere" (Firefox/Chrome add-on) - quick review
IainB
« on: January 22, 2012, 12:41:37 AM »

The EFF's Firefox add-on HTTPS Everywhere is available from here.
This follows on from:
Quote
Speaking of HTTPS I want to suggest HTTPS Everywhere from the Electronic Frontier Foundation. It switches to HTTPS for a lot of sites.

The recent and likely future changes to laws imposing censorship and diminishing the user's right to freedom/privacy make it prudent to consider using this kind of tool.
I have been using this add-on for a while now, and it seems to work faultlessly to do what it was designed for.

Quote
From the EFF webpage:
HTTPS Everywhere 1.2 has been released, and the project is out of beta. Version 1.x releases include support for over 1,000 new sites, a better UI, and performance improvements. Click here to install it!

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. Firefox users can get it by clicking here...
You will find more information if you go to the webpage. Its background is interesting.

EDIT: Note that there's now also a Chrome version of the HTTPS Everywhere add-on. (The subject title of this post has been changed to reflect that fact.)
« Last Edit: March 01, 2012, 04:42:30 PM by IainB; Reason: Updated 2012-03-02 1131hrs (see "EDIT"). »
IainB
« Reply #1 on: March 01, 2012, 04:28:19 PM »

"SSL Observatory" looks like a really constructive and potentially very useful research idea.
Note that there's now also a Chrome version of the HTTPS Everywhere add-on.

From the EFF (Electronic Frontier Foundation) Deeplinks blog: HTTPS Everywhere & the Decentralized SSL Observatory

Quote
February 29, 2012 | By Peter Eckersley
HTTPS Everywhere & the Decentralized SSL Observatory

Earlier this week we released version 2.0.1 of HTTPS Everywhere for Firefox, and also, a new beta version for Chrome! You can install HTTPS Everywhere here: [link not copied]

Firefox users will find a number of improvements in version 2.0. In addition to support for four hundred more sites, a crisper user interface, and translation into a dozen languages, there is a new optional feature called the Decentralized SSL Observatory. It detects and warns about security vulnerabilities as you browse the Web. Firefox users can turn on this setting from the Tools->HTTPS Everywhere->SSL Observatory Preferences menu, or from the HTTPS Everywhere toolbar button, which looks like this:
[Screenshot of HTTPS Everywhere Firefox toolbar button not copied]

In that Preferences page, check the box marked "Use the Observatory": [Screenshot image not copied]

If you turn on this feature, it will send anonymous copies of certificates for HTTPS websites to EFF's SSL Observatory database, which will allow us to study them and detect problems with the web's cryptographic and security infrastructure. The Decentralized SSL Observatory is also capable of giving real-time warnings about these problems.

At the moment, the Observatory will give warnings if you connect to a router, VPN, firewall or similar device that has an insecure private key due to the random number generator vulnerabilities that were recently discovered by two teams of researchers, using data from the SSL Observatory and other sources. We will be adding more kinds of certificate and key auditing to the Decentralized Observatory in the future.
Boydon
« Reply #2 on: March 07, 2012, 06:10:18 AM »

You may also be interested in HTTPS Finder.
IainB
« Reply #3 on: March 13, 2012, 04:25:34 AM »

Quote
You may also be interested in HTTPS Finder.

Thanks for this @Boydon.
I have only just now got a round tuit and installed HTTPS Finder. I did so because it apparently overcomes this major limitation (from https://www.eff.org/https-everywhere):
Quote
HTTPS Everywhere can protect you only when you're using sites that support HTTPS and for which HTTPS Everywhere includes rules. If sites you use don't support HTTPS, ask the site operators to add it; only the site operator is able to enable HTTPS. There is more information and instruction on how server operators can do that in the EFF article How to Deploy HTTPS Correctly.

As it says at https://code.google.com/p/https-finder/ :
Quote
What is HTTPS Finder?
HTTPS Finder automatically detects and enforces valid HTTPS connections as you browse, as well as automating the rule creation process for HTTPS-Everywhere (instead of having to manually type "https://" in the address bar to test, and writing your own XML rule for it).

The extension sends a small HTTPS request to each HTTP page you browse to. If there is a response, the certificate is checked for validity (any certificate errors will result in no notification, and no further detection requests during that session). If valid, HTTPS is automatically enforced (can be disabled for an alert only, with no redirect), and the user is given an option to save the auto-generated rule for HTTPS Everywhere. It is recommended to create rules whenever possible, as it more securely enforces secure connections.
Looks ruddy brilliant. Let's see how it works in practice.

I am now running a suck-it-and-see trial of HTTPS Finder.
ewemoa
« Reply #4 on: July 03, 2012, 03:18:16 AM »

As I didn't succeed in turning up a ruleset for DC, I made an attempt as follows...

I put the following in a file named DonationCoder.xml within the HTTPSEverywhereUserRules subdirectory of my profile directory and restarted FF -- so far it looks like it's working:

<ruleset name="DonationCoder">
 <!-- Hosts this ruleset applies to -->
 <target host="www.donationcoder.com" />
 <target host="donationcoder.com" />

 <!-- Rewrite http:// to https://, with or without the www. prefix -->
 <rule from="^http://(www\.)?donationcoder\.com/" to="https://donationcoder.com/"/>
</ruleset>
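
How a ruleset like the one in the post above is matched against URLs, as an added example that is not part of the original post and not HTTPS Everywhere's own code. The function names, the simplified attribute reader, the exact-host target matching and the sample URLs are assumptions made for this sketch.

```javascript
// Added example (not HTTPS Everywhere's code): a minimal model of how a
// user ruleset such as DonationCoder.xml is matched and applied.
const RULESET_XML = String.raw`
<ruleset name="DonationCoder">
 <target host="www.donationcoder.com" />
 <target host="donationcoder.com" />
 <rule from="^http://(www\.)?donationcoder\.com/" to="https://donationcoder.com/"/>
</ruleset>`;

// Simplified reader for this flat format, not a general XML parser.
function parseRuleset(xml) {
  const body = xml.replace(/<!--[\s\S]*?-->/g, ""); // ignore comments
  const elements = (tag) => body.match(new RegExp(`<${tag}\\b[^>]*>`, "g")) || [];
  const attr = (el, name) => (el.match(new RegExp(`\\s${name}="([^"]*)"`)) || [])[1];
  return {
    targets: elements("target").map((el) => attr(el, "host")),
    rules: elements("rule").map((el) => ({
      from: new RegExp(attr(el, "from")), // rule patterns are JavaScript regexes
      to: attr(el, "to"),
    })),
  };
}

// Returns the rewritten URL, or null when the ruleset leaves the URL alone.
// Assumption: targets are compared as exact host names (no wildcards here).
function rewrite(ruleset, rawUrl) {
  let parsed;
  try { parsed = new URL(rawUrl); } catch (e) { return null; }
  if (!ruleset.targets.includes(parsed.hostname)) return null; // host not covered
  const url = parsed.href; // normalized: lower-case host, "/" path added
  for (const { from, to } of ruleset.rules) {
    if (from.test(url)) return url.replace(from, to); // this model: first match wins
  }
  return null;
}

const RULESET = parseRuleset(RULESET_XML);
// Constructed sample URLs.
for (const u of [
  "http://www.donationcoder.com/forum/index.php?topic=1", // rewritten, path kept
  "http://DonationCoder.com",                // rewritten after normalization
  "https://donationcoder.com/",              // already HTTPS: untouched
  "http://forum.donationcoder.com/",         // subdomain not listed as a target
  "http://donationcoder.com.example.net/",   // lookalike host: untouched
]) {
  console.log(u, "->", rewrite(RULESET, u));
}
```

Only the matched prefix is replaced, so the path and query string survive the rewrite; hosts that are not listed as a target are never touched, whatever the rule pattern says.
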
IainB
« Reply #5 on: July 03, 2012, 12:09:38 PM »

@ewemoa: That's nifty, thanks!
Carol Haynes
« Reply #6 on: July 03, 2012, 12:50:16 PM »

Strange, I didn't know donationcoder.com had https?

Edit: Plus a limitation - I posted the above note but when I look at unread posts it still appeared - I read it again thinking someone had posted a response and yet it was still marked as unread - obviously https doesn't play nicely with SMF ???
ewemoa
« Reply #7 on: July 03, 2012, 05:11:49 PM »

Quote
Edit: Plus a limitation - I posted the above note but when I look at unread posts it still appeared - I read it again thinking someone had posted a response and yet it was still marked as unread - obviously https doesn't play nicely with SMF ???

I think I experience this as well.  FWIW, I've been using https / SSL with DC for a bit and IIRC it wasn't always this way.
ewemoa
« Reply #8 on: July 03, 2012, 05:13:42 PM »

Quote
thanks!

Sure thing

Now if this ruleset could get merged into the defaults, we won't have to go through manual set up