How To: Use HTTPS Everywhere for Browser Privacy

by Tracy Knauer •

HTTPS Everywhere is a browser extension that automatically encrypts Web traffic with SSL protection whenever it is available. Here’s how to use it, and what you should know about its limitations.

About HTTPS Everywhere

Under the HTTPS protocol, data is encrypted so that people monitoring your network connection cannot read what you send or receive through the browser.

HTTPS is available from most major websites. However, many sites do not provide HTTPS connections by default. Users have to request them manually.

HTTPS Everywhere is a simple tool that automatically requests HTTPS encryption from sites that offer it. Developed by the Electronic Frontier Foundation and the Tor Project, the extension supports the Firefox, Chrome, Chromium and Opera browsers.

Installing HTTPS Everywhere

Installing HTTPS Everywhere is easy. Follow these steps:

  1. Open the Web browser in which you want to install HTTPS Everywhere.
  2. Navigate to https://www.eff.org/https-everywhere.
  3. Scroll down to the “Recent Releases” section.
  4. Click the link for the most recent release that supports your browser. Your browser should prompt you to install the extension automatically.
  5. If the above method fails, you can also try installing the extension from your browser’s app store. For example, on Firefox, click the Add-ons tab, then search for HTTPS Everywhere.

Once installed, the tool should begin protecting your connections automatically. In most cases, it will also keep itself updated automatically, but if it does not you may need to update it manually whenever a new release of the extension appears.

Limitations

HTTPS Everywhere provides a simple, convenient way to add some privacy to your browsing. But it’s important to understand the following limitations:

  1. It doesn’t encrypt traffic on sites that don’t support HTTPS. That data can still be intercepted even if you have the extension installed.
  2. It doesn’t protect you against HTTPS spoofing attacks. Attackers could set up malicious websites with fake SSL certificates to perform man-in-the-middle attacks in order to intercept your data. In most cases, your browser will warn you if it detects a problem with the SSL certificate on a site you are trying to access; you need to heed these warnings whether or not HTTPS Everywhere is installed.
  3. It won’t encrypt traffic outside of your Web browser. Torrents (unless they are Web-based), chat apps and so on need to be encrypted in other ways.
  4. It provides no anti-censorship functionality. For that, you need Tor or a VPN.

Leave a Reply

Your email address will not be published.