What is HTTPS?
Before you can understand what HTTPS Everywhere does, you first have to understand what
HTTPS and HTTP are. Hypertext Transfer Protocol (HTTP) is the foundation of the internet. It
is the protocol that is used to transmit all sorts of data, including web page content, from a server
to your home computer (or vice versa). Whenever you visit a website your browser sends an
HTTP request to that website's server, that then responds to the request and sends you the data
that has been requested.
The problem with HTTP however is that it isn't in any way secure. What this means is that if
you're sitting in a coffee shop with a MacBook Pro writing your masterpiece autobiography and
you decide to take a break and browse around online, then somebody else in the coffee shop can
watch everything you do. This may not be a problem if you're just looking up lens-less Raybans,
but if you were to try to purchase them over standard HTTP someone could steal the credit card
information that you entered. This can also be a problem when sending confidential emails,
browsing embarrassing Brony websites, logging into accounts, or using monitored networks.
Basically, everything you do online through HTTP can be surveilled by someone else.
*Note: Tor users should always use HTTPS whenever possible, especially when logging into
accounts, due to the fact that exit nodes can view and modify your data.
HTTPSecure
Hypertext Transfer Protocol Secure (HTTPS) is what fixes these problems. HTTPS uses the
same method of data request and response as HTTP, except it layers it on top of SSL or TLS
encryption. This is similar to sending a letter in the mail, in which case HTTP would be the letter
and SSL/TLS would be the sealed envelope, preventing anyone from reading it. In the same way
that you wouldn't send a letter without an envelope, you shouldn't send data without SSL or TLS.
Of course, this isn't the perfect analogy, as an envelope can be trivially opened by an adversary,
whereas SSL/TLS encryption is far more secure.
HTTPS Everywhere
HTTPS is quite common on the internet. Unfortunately, while many sites may offer HTTPS,
many do not enable it by default. Instead, it is often left to the user to explicitly request the use of
HTTPS. Also, the HTTPS version of websites may often use links that point to the HTTP
version, essentially downgrading your session without you realizing it. This is where HTTPS
Everywhere comes in.
Created by the Electronic Frontier Foundation, HTTPS Everywhere is a Firefox and Chrome
add-on that enables HTTPS whenever it is available, and fixes those problematic links. The
beauty of this is that it stomps all over the misconception that encryption is complicated and
cumbersome. All you have to do is install the add-on and a large portion of your data will
become encrypted without you ever lifting a finger. This significantly benefits your online
privacy, and is something that you could put on your grandmother's computer without her ever
noticing.
The add-on can be downloaded from the EFF's website for both Firefox and Chrome.
Before you can understand what HTTPS Everywhere does, you first have to understand what
HTTPS and HTTP are. Hypertext Transfer Protocol (HTTP) is the foundation of the internet. It
is the protocol that is used to transmit all sorts of data, including web page content, from a server
to your home computer (or vice versa). Whenever you visit a website your browser sends an
HTTP request to that website's server, that then responds to the request and sends you the data
that has been requested.
The problem with HTTP however is that it isn't in any way secure. What this means is that if
you're sitting in a coffee shop with a MacBook Pro writing your masterpiece autobiography and
you decide to take a break and browse around online, then somebody else in the coffee shop can
watch everything you do. This may not be a problem if you're just looking up lens-less Raybans,
but if you were to try to purchase them over standard HTTP someone could steal the credit card
information that you entered. This can also be a problem when sending confidential emails,
browsing embarrassing Brony websites, logging into accounts, or using monitored networks.
Basically, everything you do online through HTTP can be surveilled by someone else.
*Note: Tor users should always use HTTPS whenever possible, especially when logging into
accounts, due to the fact that exit nodes can view and modify your data.
HTTPSecure
Hypertext Transfer Protocol Secure (HTTPS) is what fixes these problems. HTTPS uses the
same method of data request and response as HTTP, except it layers it on top of SSL or TLS
encryption. This is similar to sending a letter in the mail, in which case HTTP would be the letter
and SSL/TLS would be the sealed envelope, preventing anyone from reading it. In the same way
that you wouldn't send a letter without an envelope, you shouldn't send data without SSL or TLS.
Of course, this isn't the perfect analogy, as an envelope can be trivially opened by an adversary,
whereas SSL/TLS encryption is far more secure.
HTTPS Everywhere
HTTPS is quite common on the internet. Unfortunately, while many sites may offer HTTPS,
many do not enable it by default. Instead, it is often left to the user to explicitly request the use of
HTTPS. Also, the HTTPS version of websites may often use links that point to the HTTP
version, essentially downgrading your session without you realizing it. This is where HTTPS
Everywhere comes in.
Created by the Electronic Frontier Foundation, HTTPS Everywhere is a Firefox and Chrome
add-on that enables HTTPS whenever it is available, and fixes those problematic links. The
beauty of this is that it stomps all over the misconception that encryption is complicated and
cumbersome. All you have to do is install the add-on and a large portion of your data will
become encrypted without you ever lifting a finger. This significantly benefits your online
privacy, and is something that you could put on your grandmother's computer without her ever
noticing.
The add-on can be downloaded from the EFF's website for both Firefox and Chrome.
0 Comments:
Post a Comment