HTTPS Everywhere

HTTPS Everywhere is a free and open-source browser extension for Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Brave, Vivaldi and Firefox for Android, which is developed collaboratively by The Tor Project and the Electronic Frontier Foundation (EFF). It automatically makes websites use a more secure HTTPS connection instead of HTTP, if they support it. The option "Encrypt All Sites Eligible" makes it possible to block and unblock all non-HTTPS browser connections with one click. Due to the widespread adoption of HTTPS on the World Wide Web, and the integration of HTTPS-only mode on major browsers, the extension will be retired at the end of 2022.


Development

HTTPS Everywhere was inspired by Google's increased use of HTTPS and is designed to force the usage of HTTPS automatically whenever possible. The code, in part, is based on NoScript's HTTP Strict Transport Security implementation, but HTTPS Everywhere is intended to be simpler to use than NoScript's force HTTPS functionality which requires the user to manually add websites to a list. The EFF provides information for users on how to add HTTPS rulesets to HTTPS Everywhere, and information on which websites support HTTPS.


Platform support

A public beta of HTTPS Everywhere for Firefox was released in 2010, and version 1.0 was released in 2011. A beta for Chrome was released in February 2012. In 2014, a version was released for Android phones.


SSL Observatory

The SSL Observatory is a feature in HTTPS Everywhere introduced in version 2.0.1 which analyzes public key certificates to determine if certificate authorities have been compromised, and if the user is vulnerable to man-in-the-middle attacks. In 2013, the ICANN Security and Stability Advisory Committee (SSAC) noted that the data set used by the SSL Observatory often treated intermediate authorities as different entities, thus inflating the number of certificate authorities. The SSAC criticized SSL Observatory for potentially significantly undercounting internal name certificates, and noted that it used a data set from 2010.


Continual Ruleset Updates

The update to version 2018.4.3, shipped 3 April 2018, introduces the "Continual Ruleset Updates" function. To keep the HTTPS rules up to date, this update function executes one rule-matching within 24 hours. A website called https-rulesets was built by the EFF for this purpose. This automated update function can be disabled in the add-on settings. Prior to the update mechanism, rulesets were updated only through app updates. Even after this feature was implemented, bundled rulesets are still shipped within app updates.


Reception

Two studies have recommended building HTTPS Everywhere functionality into Android browsers. In 2012, Eric Phetteplace described it as "perhaps the best response to Firesheep-style attacks available for any platform". In 2011, Vincent Toubiana and Vincent Verdot pointed out some drawbacks of the HTTPS Everywhere add-on, including that the list of services which support HTTPS needs maintaining, and that some services are redirected to HTTPS even though they are not yet available in HTTPS, not allowing the user of the extension to get to the service. Other criticisms are that users may be misled to believe that if HTTPS Everywhere does not switch a site to HTTPS, it is because it does not have an HTTPS version, while it could be that the site manager has not submitted an HTTPS ruleset to the EFF, and that because the extension sends information about the sites the user visits to the SSL Observatory, this could be used to track the user.
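
The ruleset-driven behaviour described above (upgrade when a ruleset matches, plain HTTP when no ruleset covers the site, blocking under "Encrypt All Sites Eligible"), as an added JavaScript example that is not HTTPS Everywhere's own code. The ruleset object shape, the `decide` function and the sample hosts are assumptions constructed for illustration.

```javascript
// Constructed rulesets: a simplified model (field names are assumptions),
// not the extension's real data or code.
const RULESETS = [
  {
    name: "Example shop",
    targets: ["example.com", "*.example.com"],
    // Paths known to break over HTTPS are left alone.
    exclusions: [/^http:\/\/legacy\.example\.com\//],
    rules: [
      { from: /^http:\/\/example\.com\//, to: "https://www.example.com/" },
      { from: /^http:/, to: "https:" },
    ],
  },
];

// A target matches exactly, or by a leading "*." wildcard.
function targetMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Decide what happens to one request. `ease` models the
// "Encrypt All Sites Eligible" switch described on the page.
function decide(url, { ease = false } = {}) {
  const u = new URL(url);
  if (u.protocol !== "http:") return { action: "allow", url };
  for (const rs of RULESETS) {
    if (!rs.targets.some((t) => targetMatches(t, u.hostname))) continue;
    if (rs.exclusions.some((re) => re.test(url))) continue;
    for (const { from, to } of rs.rules) {
      if (from.test(url)) {
        return { action: "upgrade", url: url.replace(from, to), ruleset: rs.name };
      }
    }
  }
  // No ruleset applied (unlisted host or excluded path). The site may still
  // support HTTPS; the list simply does not cover it. Plain HTTP goes out
  // unless the EASE switch blocks it.
  return ease ? { action: "block", url } : { action: "allow-insecure", url };
}
```

The `allow-insecure` outcome is the case the criticism points at: the request stays on HTTP because no ruleset exists, not because the site lacks HTTPS.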


Legacy

The HTTPS Everywhere initiative inspired opportunistic encryption alternatives:

* 2022: Firefox for Android and Firefox Focus HTTPS-only Mode
* 2021: Google Chrome HTTPS-only Mode
* 2020: Firefox built-in HTTPS-only Mode.
* 2019: ''HTTPZ'' for Firefox / WebExt supporting browsers.
* 2017: ''Smart-HTTPS'' (closed-source early since v0.2),


See also

* Transport Layer Security (TLS) – Cryptographic protocols that provide communications security over a computer network.
* Privacy Badger – A free browser extension created by the EFF that blocks advertisements and tracking cookies.
* Switzerland (software) – An open-source network monitoring utility developed by the EFF to monitor network traffic.
* Let's Encrypt – A free automated X.509 certificate authority designed to simplify the setup and maintenance of TLS encrypted secure websites.
* HTTP Strict Transport Security – A web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.

