The Electronic Frontier Foundation and the Tor Project have released a beta version of a Mozilla Firefox extension that encrypts communications between Web users and some high-profile sites.
The extension, dubbed “HTTPS Everywhere,” works by rewriting all requests to the sites to HTTPS. Among the sites it works with are Google, Twitter, Wikipedia and Facebook.
According to EFF, many sites offer limited support for encryption over HTTPS, but make it difficult to use, defaulting for example to an unencrypted HTTP.
“This Firefox extension was inspired by the launch of Google’s encrypted search option,” blogged Peter Eckersley, senior technologist at EFF. “We wanted a way to ensure that every search our browsers sent was encrypted.”
Google announced in May it was rolling out the use of Secure Sockets Layer (SSL) encryption technology for its search engine. Currently, the project remains in beta and does not extend the SSL protection to features like Google Maps. Google also added always-on HTTPS to Gmail earlier this year as well.
In its announcement, the EFF warned that many sites still include content from third-party domains that is not available over HTTPS.
“As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content),” Eckersley added.