Has anyone got this installed? Is it worth it?

http://lifehacker.com/5828683/https-everywhere-leaves-beta-now-supports-over-1000-sites

I use it.

I like it because Google used to come in Vanilla flavor, and you can access Facebook that is blocked but I'm not sure about the rest.

yeah, definitely.

When I initially installed it, I remember thinking that I would never download a FF addon from any location other than the mozilla addons site, EXCEPT from the EFF.

Not to use https everywhere is pure stupidity. Something i hope will be implemented sometime in the future. Since just http opens up for alot of nasty things, can soooooo simple can be exploited.

It's ridiculousness.

i use it, i can't complain about it

Has anyone got this installed? Is it worth it?

http://lifehacker.com/5828683/https-everywhere-leaves-beta-now-supports-over-1000-sites

I suggest you read the FAQ (https://www.eff.org/https-everywhere/faq/) to understand what it does and what it doesn't.

The extension name suggests that it will provide encryption for any site, which is not the case. Even on sites that support https, you might be receiving some unencrypted data.


Not to use https everywhere is pure stupidity. Something i hope will be implemented sometime in the future. Since just http opens up for alot of nasty things, can soooooo simple can be exploited.

It's ridiculousness.

HTTPS is more secure, so why isn't the Web using it? (http://arstechnica.com/web/news/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it.ars)

Iranian Claims Credit For Comodo Hack (http://www.informationweek.com/news/security/attacks/229400455)

Another article, posted yesterday:

http://www.brighthub.com/hubfolio/matthew-casperson/blog/archive/2011/08/08/https-everywhere-not-a-substitute-for-common-sense.aspx

The extension name suggests that it will provide encryption for any site, which is not the case.

I guess "HTTPS In a Small Number of Sites" wasn't really considered snappy.

I guess "HTTPS In a Small Number of Sites" wasn't really considered snappy.

:lol:

Not to use https everywhere is pure stupidity. Something i hope will be implemented sometime in the future. Since just http opens up for alot of nasty things, can soooooo simple can be exploited.

It's ridiculousness.


+1

With all the nasty things out there in the Interweb I cannot see a case for not using it.

HTTPS is so easy to man-in-the-middle-pwn-ing, its tunnel-able

HTTPS is so easy to man-in-the-middle-pwn-ing, its tunnel-able

thats why certificate security and endpoint identification is important. not a flaw of the protocol, but a problem with reliably identifying the remote partner.

Check the KEY-PAR new features of HTML5 (under development) seems interesting...

It's not used everywhere because if you want to run an HTTPS server you have to get a certificate. Unless you want your users to see the black and yellow cop in Firefox warning about a self-signed certificate, you have to fork out money (depending on who you go to, you have to fork out good money) to a certificate authority. That certificate expires, mind you, so you'll have to fork out that money again in 3-5 years. And that certificate is only good for that domain on that machine (and I think even that server name, e.g. if you change from foo.bar.com to baz.bar.com the certificate is now invalid).

For the likes of Facebook, Google, and other mega sites, yeah, HTTPS is no big deal. For the mom and pops of the internet, it can be a pain in the butt (and the wallet).

Interesting comments guys, I understand there is a cost to buying a certificate for ssl purposes but surely most of the big sites should be doing this?

Out of interest and kind off the topic, what other FF addon's do people use for security purposes? Me, personally I always use Adblock, Flashblock and the daddy of all addons, no script.