Get instant browser privacy, with HTTPS Everywhere


There is no privacy, sorry. At least not if you’re using your devices normally. But if you want some measure of protection, and want the NSA (National Security Agency) out of your personal communications as a matter of principle, then check out the free browser extension HTTPS Everywhere.

HTTPS Everywhere is a browser extension for Chrome and Firefox that you simply install and forget about. It taps into the HTTPS servers (secure servers) that a lot of sites have, and makes sure you stay there, which can prevent eavesdropping and ensures the authenticity of the contents of the site and the integrity of the information that you send to the site. It can also prevent unauthorized access to your communications in both directions, i.e. it hides both the content you access and the text of the communication or messages you are sending.

But there’s a lot that HTTPS access will not conceal, such as the identities of the sites you access, how much time you spend on them, and the size of the files that you are looking at, which someone can use to ‘guess’ the pages that you are accessing. In other words, it does not provide anonymous browsing, but can secure your personal communications. It will also NOT do this for all websites, but only for those that offer HTTPS server access and have been identified by the HTTPS Everywhere plugin developers ahead of time and added to its whitelist. (As a user, you can write a script or send a request to add a site that is not on the list but offers HTTPS access.)

HTTPs Everywhere Screenshot

A metaphor: to illustrate what HTTPS Everywhere does

Imagine that you’re going into a shopping mall, with someone watching you. Normally, they can see exactly which stores you go into. They can record the items that you touch or look at, they can look over your shoulder and listen to what you say. They may even be able to record your credit card number, etc.

Some stores, however, offer a private shopping experience behind a kind of semi-transparent curtain (i.e. an HTTPS server), where the snoopers cannot see the items you are holding, but can see the shapes in a kind of silhouette behind the curtain (i.e. the file sizes you are accessing). They cannot hear what you say or what is being said to you, and ultimately do not know with certitude what transaction(s) you ended up performing. Of course, they do know which stores you went into, though.

Only works on sites on the HTTPS Everywhere ‘Whitelist’:

Unfortunately, it provides this protection only for the sites that are already on the HTTPS Everywhere whitelist, and/or their APIs (which is to say, when another site is making a call to sites on the whitelist).

The good news is that these include Google (including all their properties) and Facebook, which are probably what most people are concerned about. They also include Amazon and Bing, but not Yahoo, which is currently experimental. It is impossible for HTTPS Everywhere to provide protection if the site doesn’t provide a secure (HTTPS) server. Note: my search for a comprehensive list on the plugin website was not successful.

To find out whether a site you are surfing is protected, click on the HTTPS Everywhere icon in the address bar, and you can see (and disable, if you like) the protection on offer (see screenshot above).
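To make the whitelist behaviour concrete, here is an added example (not code from the HTTPS Everywhere extension) of how a ruleset-based rewriter decides whether to upgrade a request to HTTPS. The ruleset structure, the hostnames and the rewrite() function are simplified assumptions made up for illustration.

```javascript
// Simplified model of whitelist-based HTTPS upgrading (added illustration).
// RULESETS is constructed sample data, not the extension's real rule list.
const RULESETS = [
  {
    name: "Example Shop (constructed)",
    targets: ["example.com", "*.example.com"],           // hosts this ruleset covers
    exclusions: [/^http:\/\/legacy\.example\.com\//],     // pages known to break over HTTPS
    rules: [
      // Canonicalise the bare domain to the host that serves HTTPS.
      { from: /^http:\/\/(www\.)?example\.com\//, to: "https://www.example.com/" },
      // Everything else on a covered host: just switch the scheme.
      { from: /^http:/, to: "https:" },
    ],
  },
];

// "*.example.com" matches any subdomain, but not look-alikes such as notexample.com.
function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

// Returns the URL the browser should load. Anything not covered by a ruleset
// is returned unchanged, i.e. it stays on plain HTTP.
function rewrite(url, disabledSites = new Set()) {
  let parsed;
  try { parsed = new URL(url); } catch { return url; }    // not a valid URL: leave alone
  if (parsed.protocol !== "http:") return url;             // already HTTPS (or another scheme)
  const host = parsed.hostname;
  if (disabledSites.has(host)) return url;                 // user switched protection off for this site
  for (const rs of RULESETS) {
    if (!rs.targets.some((t) => hostMatches(t, host))) continue;
    if (rs.exclusions.some((re) => re.test(url))) return url;
    for (const rule of rs.rules) {
      if (rule.from.test(url)) return url.replace(rule.from, rule.to);
    }
  }
  return url;                                              // host is not on the whitelist
}
```

A site that offers HTTPS but has no ruleset falls through to the last line and is loaded over HTTP, which is the limitation this section describes.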

Unintended ‘Side effects’:

Take note that HTTPS Everywhere can have some unintended consequences, such as:

  • In some cases, it can prevent you from logging into some Wi-Fi networks: specifically, the ones that let you in and then force their login/registration page when you open the browser.
  • It can break some sites: in which case you can (a) disable HTTPS Everywhere for that site, and (b) report the problem so they can fix it.
  • It can make some sites look different: which can happen if what they are serving on HTTPS is different (or slightly different) than what is found on HTTP.

The verdict:

Freewaregenius 5-Star Pick

A browser plugin that you can install and forget, and that can protect your personal communications against snooping. In a word: brilliant. So little cost (in energy and mental bandwidth), with a huge benefit, in that governments, hackers, and the like. It is useful, not just for privacy from government surveillance, but also for protecting you from hackers trying to steal your identity, if that is a concern.

The thing about HTTPS Everywhere is that it is so much less involved than, say, VPNs or proxies. Sure, it does not offer anonymous browsing, and does not offer some of the advantages that come with VPNs (such as tunneling outside your corporate firewall or accessing content restricted by your government), but it requires so much less involvement from the user, because it uses existing servers that are provided anyway by the sites that you are accessing.

Other browsers: there is discussion about versions for Internet Explorer and Safari on the HTTPS Everywhere website, so go there for more info.

Get the browser extension here (Firefox, Chrome).


 
 
 
  • Jeff Liu

    “want the NSA (National Security Agency) out of your personal communications as a matter of principle” – Not happening, if they want the certificates, nothing can stop them. In fact, I bet they already have the encryption keys, unless the HTTPS encryption isn’t the same across every user (highly unlikely).

    • SamerKurdi

      Well, yes. But those companies that might give them the certificates know that there will be a price to pay when they are asked about it by the media, and hopefully there will be pressure on them not to disclose in the long run. See Larry Page of Google denying that Google disclosed information, and Mark Zuckerberg doing the same.

    • don gilcrease

      It’s not even a matter of certificates, or anything else legality-wise. They will do whatever they want to do, whether it is legal or not. If they can easily do it legally, they’ll do it that way. Otherwise, they’ll do it illegally. That is reality. Do you think the NSA is incapable of hacking every email or Facebook account, or just about anything they want? Less expertise based people do it, and they can too. The NSA has the capability to intercept any email on the planet, and they do it without a second thought. Wrap your head around that and encrypt everything you do, beyond browsing innocuous web sites. Of course, they won’t care a whit about most people – AND – if you’re doing anything that will make them care, encrypt everything – but then, if you’re doing such things, and if you have half a brain, you’re already encrypting anyway, right? Complain about the degradation of our rights vehemently, but encrypt, because they’ll bypass our rights whenever they care to.

  • Someone

    I used to have respect for this site

    “The thing about HTTPs Everywhere is that it is so much less involved than, say, VPN’s or proxies”

    Yeah and the thing about the rhythm method is that it’s so much less involved than, say, the pill or condoms

    And as for “But if you want some measure of protection, and want the NSA (National Security Agency) out of your personal communications,” I don’t know whether to laugh or cry

    • SamerKurdi

      Hello ‘Someone’. That is indeed a very good metaphor, and will be informative to readers.

      “A measure of protection” didn’t mean guaranteed protection by the way, or that this is a foil for the NSA. I guess I was referring to users such as myself, who will not change their browsing habits no matter what alleged surveillance there is, but might install an extension like this one because it’s easy to do so.

      Anyway, I don’t really like to presume that the NSA will do anything, lawful or otherwise, with technology that is beyond anything imaginable, to snoop — and that they are all powerful and ubiquitous. I feel like it’s overblown and may or may not be true, and anyway not a conversation I want to have.

      But I will say that I do not appreciate it when users hide their identity when making a simple comment on a blog.

      • Someone

        “Anyway, I don’t really like to presume that the NSA will do anything, lawful or otherwise, with technology that is beyond anything imaginable, to snoop — and that they are all powerful and ubiquitous. I feel like it’s overblown and may or may not be true”

        That argument is kinda blown out of the water by the fact that the NSA itself has admitted it’s true.

        “and anyway not a conversation I want to have” is kinda shot down by your own leading line “But if you want some measure of protection, and want the NSA (National Security Agency) out of your personal communications”

        “I do not appreciate it when users hide their identity when making a simple comment on a blog.”

        1. A bit ironic under the circumstances.

        2. Why then have you made it possible for people to do so?

        3. I’m not about to sign up to the site for the sake of a single comment.

        I’m guessing you’ve got your reasons for being snippy right now so I’ll leave it at that.

  • Toni

    Away from the NSA-discussion and back on topic: I did install the extension yesterday and already forgot about it because I don’t notice it, so it’s truly set and forget. I just see it as an extra layer of protection against the internet baddies, not especially the government.

    • SamerKurdi

      Exactly. This is a great way to protect yourself from hackers when you’re logging into most sites and checking your webmail from a cafe.