EFF Calls on Websites to Implement HTTPS As Part of Data Privacy Day
January 28th is Data Privacy Day, also known as International Privacy Day. To celebrate, EFF is calling on users to protect online privacy by in three ways: download HTTPS Everywhere to ensure you use HTTPS when possible; help us catalog sites that are using HTTPS by contributing to HTTPS Now; and, if you administer a site, commit to enabling HTTPS support in 2012.
HTTPS is a protocol that provides secure Internet transactions between web browsers and web sites. You can check to see if the web page you are visiting uses HTTPS by making sure that the URL at the top of your browser begins with HTTPS rather than HTTP. The "S" stands for secure. Some browsers also indicate that you are using a secure connection by displaying a closed lock in the corner of the browser.
HTTPS protects users from certain kinds of Internet surveillance. By encrypting your connection, HTTPS prevents eavesdroppers from seeing the contents of your communication with a website, including potentially sensitive data such as the contents of your email and chats, login credentials, search terms, and credit card numbers. Many sites support the use of HTTPS, but may not turn it on by default. Other sites have failed to implement HTTPS at all.
The rise of open wireless networks in coffee shops and libraries means that users are sharing network connections with strangers everyday, and tools like Firesheep and Wireshark make it a trivial matter for individuals with minimal technical knowledge to eavesdrop on what users are reading and writing online. To safeguard the privacy of our reading habits on the Internet, we need to encrypt the web. And that means websites - from online newspapers to social networks to email providers to online stores - need to take the initiative and start enabling HTTPS.
In order to make sure that you are using the secure version of a website when one is available, EFF recommends using our HTTPS Everywhere browser extension for Firefox. If a website that you visit supports HTTPS, but is not included in the HTTPS Everywhere database, you can submit a new rule.
Want to help EFF track and analyze the implementation of HTTPS around the web? Look around the web to see what sites are HTTPS-enabled and report them to HTTPS Now. They've got instructions on how to test a site's support for HTTPS and report it to the community.
Remember, HTTPS is not an anonymity tool. Eavesdroppers can still see where you are connecting from and the sites you are connecting to, and the sites themselves can still track and record your activity. EFF recommends using Tor if you are concerned about anonymity.
Website administrators and companies
If you are a site admin who would like to protect users' privacy by enabling HTTPS on your site, EFF has these suggestions. Once you have enabled HTTPS on your site, please submit a new rule to HTTPS Everywhere. If you are planning to implement HTTPS on your website in 2012 as part of International Data Privacy Day, please email Jolynn Dellinger at firstname.lastname@example.org so your site can be recognized on the International Data Privacy Day page.