The Electronic Frontier Foundation (EFF) launched the 2.0 version of HTTPS Everywhere for the Firefox browser today, including an important new update that warns users about web security holes.
The “Decentralized SSL Observatory” is an optional feature that detects encryption weaknesses and notifies users when they are visiting a website with a security vulnerability – flagging potential risk for sites that are vulnerable to eavesdropping or “man in the middle” attacks.
The HTTPS Everywhere browser extension has already been installed more than a million times since it was first launched in 2010 in collaboration with the Tor Project. HTTPS Everywhere helps secure web use by encrypting connections to more than 1,400 websites, using carefully crafted rules to switch sites from HTTP to HTTPS whenever possible, increasing users’ security and privacy.
“In recent weeks, an unexpected weakness in the encryption used by many routers, firewalls and VPN devices made big news,” said EFF Technology Projects Director Peter Eckersley. “The new version of HTTPS Everywhere for Firefox will let users know when they connect to a website or device that has a security problem – including weak key problems like the ones that were disclosed two weeks ago – giving people the information they need to protect themselves.”
A beta version of HTTPS Everywhere for the Chrome browser has also been released, and it includes the increased encryption features available in the Firefox version, but it does not yet notify users of weak key vulnerabilities and other certificate problems.