Firefox users worried about Internet eavesdropping are being offered a new way to encrypt their interaction with a range of popular websites, including Facebook and Twitter.
Called HTTPS Everywhere, the free add-on is the result of a collaboration between the Electronic Frontier Foundation (EFF) and the Tor Project.
Sites with which the software works include Google, Wikipedia, Twitter, Facebook, Paypal, as well as content sites such as The new York Times, The Washington Post, and the EFF and Tor.
Based on the Strict Transport Security (STS) evangelised by the team behind the popular security add-on Noscript, the HTTPS mode is identified with a padlock icon. It is also possible to write custom rulesets for others sites, say the creators.
In May, Google itself started offering https search through the https:www.google.com link, which uses a similar concept, but only works for searches through that domain. The latest development, which builds on the fact that many sites offer some SSL connectivity but don’t default to it, appears to have been inspired by Google’s initiative.
The security does have some limitations.
“As always, even if you're at an https page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking,” warns the EFF.