Get instant browser privacy, with HTTPs Everywhere

8
159

There is no privacy, sorry. At least not if you’re using your devices normally. But if you want some measure of protection, and want the NSA (National Security Agency) out of your personal communications as a matter of principle, then check out free browser extension HTTPs Everywhere.

HTTPs Everywhere is a browser extension for Chrome and Firefox that you simply install and forget about. It taps into the HTTPs servers (secure servers) that a lot of sites have, and makes sure you stay there, which can prevent eavesdropping and ensures the authenticity of the contents of the site and the integrity of the information that you send to the site. It can also prevent unauthorized access to your communications in both directions: i.e. hiding both the content you access as well as the text of  the communication or messages you are sending.

But there’s lots that HTTPs access will not conceal, such as the identities of the sites you access, how much time you spent on them, and the size of the files that you are looking at, which someone can use to ‘guess’ the pages that you are accessing. In other words, it does not provide anonymous browsing, but can secure your personal communications. It will also NOT do this for all websites, but rather only those who offer HTTPs server access, and those who have been identified by the HTTPs Everywhere plugin developers ahead of time and added to it’s whitelist. (As a user, you can write a script or send a request to add a site that is not on the list, that offers HTTPs access).

HTTPs Everywhere Screenshot

A metaphor: to illustrate what HTTPS Everywhere does

Imagine that you’re going into a shopping mall, with someone watching you. Normally, they can see exactly which stores you go into. They can record the items that you touch or look at, they can look over your shoulder and listen to what you say. They may even be able to record your credit card number, etc.

Some stores, however, offer a private shopping experience behind a kind of semi-transparent curtain (i.e. an HTTPs server), where the snoopers cannot see the items you are holding, but can see the shapes in a kind of silhouette behind the curtain (i.e. the files sizes you are accessing). They cannot hear what you say or what is being said to you, and ultimately do not know with certitude what transaction(s) you ended up performing. Of course, they do know which stores you went into, though.

Only works on sites on the HTTPs Everywhere ‘Whitelist’:

Unfortunately, it is only the sites that are already in the HTTPs whitelist that it provides this protection for, and/or their APIs (which is to say, if another site is making a call to sites on the whitelist).

The good news is that these include Google (including all their properties) and Facebook, which are probably what most people are concerned about. They also include Amazon, Bing, but no Yahoo which is currently experimental. It is impossible for HTTPs Anywehre to provide protection if the site doesn’t provide a secure (HTTPs) server. Note: my search for a comprehensive list on the plugin website was not successful.

To find out whether a site you are surfing is protected, click on the HTTPs Everywhere icon in the address bar, and you can see (and disable, if you like) the protection on offer (see screenshot above).

Unintended ‘Side effects’:

Take note that HTTPs Everywhere can have some unintended consequences, such as:

  • In some cases, can prevent you from logging into some WIFI networks: specifically, the ones that let you in and then force their login/registration page when you open the browser
  • It can break some sites: in which case you can (a) disable HTTPS Everywhere for that site, and (b) report the problem so they can fix it.
  • Make some sites look different: which can happen if what they are serving on HTTPs is different (or slightly different) than what is found on HTTP.

The verdict:

Freewaregenius 5-Star PickA browser plugin that you can install and forget, and that can protect your personal communications against snooping. In a word: brilliant. So little cost (in energy and mental bandwidth), with a huge benefit, in that governments, hackers, and the like. It is useful, not just for privacy from government surveillance, but also for protecting you from hackers trying to steal your identity, if that is a concern.

The thing about HTTPs Everywhere is that it is so much less involved than, say, VPN’s or proxies. Sure, it does not offer  anonymous browsing, and does not offer some of the advantages that come with VPN’s (such as tunneling outside your corporate firewall or accessing content restricted by your government), but it requires so much less involvement from the user, because it uses existing servers that are provided anyway by the sites that you are accessing.

Other browsers: there is discussion about versions for Internet Explorer and Safari on the HTTPs website, so go there for more info.

Get the browser extension here (Firefox, Chrome).