HTTPS

As part of the Data Privacy Day 2012, EFF is calling on websites to protect online privacy by enabling HTTPS. If you are planning to implement HTTPS on your website in 2012 as part of International Data Privacy Day, please email Jolynn Dellinger at jolynn@staysafeonline.org so your site can be recognized on the International Data Privacy Day page.

HTTPS is a protocol that provides secure Internet transactions between web browsers and web sites. You can check to see if the web page you are visiting uses HTTPS by making sure that the URL at the top of your browser begins with HTTPS rather than HTTP. The "S" stands for secure. Some browsers also indicate that you are using a secure connection by displaying a closed lock in the corner of the browser. 

HTTPS protects users from certain kinds of Internet surveillance. By encrypting your connection, HTTPS prevents eavesdroppers from seeing the contents of your communication with a website, including potentially sensitive data such as the contents of your email and chats, login credentials, search terms, and credit card numbers. Many sites support the use of HTTPS, but may not turn it on by default. Other sites have failed to implement HTTPS at all.

The rise of open wireless networks in coffee shops and libraries means that users are sharing network connections with strangers everyday, and tools like Firesheep and Wireshark make it a trivial matter for individuals with minimal technical knowledge to eavesdrop on what users are reading and writing online.  To safeguard the privacy of our reading habits on the Internet, we need to encrypt the web. And that means websites - from online newspapers to social networks to email providers to online stores - need to take the initiative and start enabling HTTPS.

Individual users

In order to make sure that you are using the secure version of a website when one is available, EFF recommends using our HTTPS Everywhere browser extention for Firefox. If a website that you visit supports HTTPS, but is not included in the HTTPS Everywhere database, you can submit a new rule.

Want to help EFF track and analyze the implementation of HTTPS around the web?  Look around the web to see what sites are HTTPS-enabled and report them to HTTPS Now, a project of EFF and Access Now. They've got instructions on how to test a site's support for HTTPS and report it to the community.

Remember, HTTPS is not an anonymity tool. Eavesdroppers can still see where you are connecting from and the sites you are connecting to, and the sites themselves can still track and record your activity. EFF recommends using Tor if you are concerned about anonymity.

Website administrators and companies

If you are a site admin who would like to protect users' privacy by enabling HTTPS on your site, EFF has these suggestions. Once you have enabled HTTPS on your site, please submit a new rule to HTTPS Everywhere. If you are planning to implement HTTPS on your website in 2012 as part of International Data Privacy Day, please email Jolynn Dellinger at jolynn@staysafeonline.org so your site can be recognized on the International Data Privacy Day page.

Related Issues

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

EFF joins other rights groups in calling on Twitter to restore API access to Politwoops https://eff.org/r.qdng

Sep 4 @ 2:22am

Good news! In major policy shift, DOJ tells law enforcement agents: Want to use a Stingray? Get a warrant. https://eff.org/r.bbky

Sep 3 @ 5:30pm

DOJ saw the writing on the wall, will require a warrant to use 'Stingray' cellphone trackers: https://eff.org/r.fbd9

Sep 3 @ 4:38pm
JavaScript license information