Securing your browsing using HTTPS Everywhere

Security, ,

Securing your browsing

I would recommend that this is the first thing you do as part of securing your internet habits. What this does is try to make sure that all communication between you and the website that you are connecting to is encrypted. The success of this depends on the configuration of the web site you are connecting to. If the server does not provide encryption, then you won’t be able to connect securely. Many sites have a mixture of secure and insecure parts.

This wont’ hide the sites you visit, and it may not even hide the parts of the site you visit, but it will try and keep the information that you download as secure as possible.

The aptly-named HTTPS Everywhere from the Electronic Frontier Foundation (EFF) adds this capability to Firefox, Chrome and Opera browsers. Due to privacy issues with the Firefox Add-on site, they provide the link to the add-in on their own site.

Installing HTTPS Everywhere in Firefox

Visit the HTTPS Everywhere site and click on your browser.

http://www.wordpress.lonbil.co.uk/wp-content/uploads/2014/01/HTTPS-Everywhere-01.png

I’m using Firefox, so I press the Install in Firefox button. A dialog box will pop up asking you to confirm that you want to allow this extension to be installed.http://www.wordpress.lonbil.co.uk/wp-content/uploads/2014/01/HTTPS-Everywhere-02.png

Provided you allow this, a few seconds later you will see the add-on install dialog on the screen. Press the Install button to install the add-on.

I would not normally install an add-on that is not hosted on the Mozilla web site, but the EFF has a long history of security and for my purposes I am prepared to trust an add-on that they provide.

http://www.wordpress.lonbil.co.uk/wp-content/uploads/2014/01/HTTPS-Everywhere-03.png

The add-on box also reminds you to only install add-ons from authors (or organisations) that you trust.  Press the Install Now button to install the add-on. This will take a couple of seconds.  If the installation is successful, you will be prompted to restart the browser.  I have installed this on both Firefox and Chrome without any issues.

You will need to restart your browser for the extension to start working.  http://www.wordpress.lonbil.co.uk/wp-content/uploads/2014/01/HTTPS-Everywhere-04.pngWhen you restart the browser you will see a new icon in the status bar. Clicking on this will show a drop down menu showing the rules that are enabled. Selecting the SSL Preferences option will bring up the preferences window.

Configuring HTTPS Everywhere (Optional)

I have clicked on the show advanced options button to show the advanced options.  These are not displayed by default.

http://www.wordpress.lonbil.co.uk/wp-content/uploads/2014/01/HTTPS-Everywhere-05.png

By opting in to the observatory, you can help make the internet browsing experience by submitting the certificates you see to the EFF.  They use all the information provided to try and detect “Man in the Middle” (MITM) attacks. If you are interested in how a MITM attack works, a good primer can be found here on Wikipedia.

You can read more about this add-on  at the FAQ on the EFF website.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.