San Francisco - The Electronic Frontier Foundation (EFF) launched the 2.0 version of HTTPS Everywhere for the Firefox browser today, including an important new update that warns users about web security holes.

The "Decentralized SSL Observatory" is an optional feature that detects encryption weaknesses and notifies users when they are visiting a website with a security vulnerability – flagging potential risk for sites that are vulnerable to eavesdropping or "man in the middle" attacks.

"In recent weeks, an unexpected weakness in the encryption used by many routers, firewalls and VPN devices made big news," said EFF Technology Projects Director Peter Eckersley. "The new version of HTTPS Everywhere for Firefox will let users know when they connect to a website or device that has a security problem – including weak key problems like the ones that were disclosed two weeks ago – giving people the information they need to protect themselves."

The HTTPS Everywhere browser extension has already been installed more than a million times since it was first launched in 2010 in collaboration with the Tor Project. HTTPS Everywhere helps secure web use by encrypting connections to more than 1,400 websites, using carefully crafted rules to switch sites from HTTP to HTTPS whenever possible, increasing your security and privacy. Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking.

"EFF and the Tor Project created HTTPS Everywhere to make it easier for people to keep their usernames, passwords, and browser histories secure and private. Now, the 2.0 release also gives Internet users more information about deeper security problems they couldn't spot on their own," said Eckersley. "This is an extra level of protection that we encourage Firefox users to download, install, and use."

The user interface for HTTPS Everywhere for Firefox has now been translated into 12 languages, as browser security is critical in countries around the world.

Also available today is a beta version of HTTPS Everywhere for the Chrome browser. The Chrome release includes the increased encryption features available in the Firefox version, but it does not yet notify users of weak key vulnerabilities and other certificate problems.

To download or update HTTPS Everywhere:
https://www.eff.org/https-everywhere

Contact:

Peter Eckersley
   Technology Projects Director
   Electronic Frontier Foundation
   pde@eff.org

Related Issues