February 3, 2014 | By Parker Higgins

Making the Mobile Web Safer with HTTPS Everywhere

EFF is bringing the security and privacy of HTTPS Everywhere to an important new frontier: your Android phone. As of today, you can install HTTPS Everywhere on Firefox for Android (until now, it could only protect desktop browsers). With HTTPS Everywhere installed, Firefox for Android encrypts thousands of connections from your browser that would otherwise be insecure. This gives Firefox a huge security advantage over every other mobile browser available today.

This is exciting news, because HTTPS encryption allows smartphone users to safely download apps, browse the web, exchange emails and instant messages, sync data between devices, and countless other everyday tasks. As we carry around our phones and tablets, we often connect to unfamilar WiFi networks, putting our personal data at risk of being monitored, collected, and tampered with by anyone else on the same network, as well as Internet Service Providers, network operators, and government agencies. In fact, we discovered last week that NSA and GCHQ have been invisibly tracking and profiling users based on data leakage from smartphone apps.

HTTPS Everywhere guards agains these attacks in your browser by switching insecure HTTP connections to secure HTTPS connections whenever possible using thousands of URL rewrite rules. Whereas data sent to a server over HTTP can easily be read and modified by third parties, HTTPS uses strong encryption to guarantee data confidentiality and integrity.

To install HTTPS Everywhere for Firefox Android:

  1. Install the latest release of Firefox on your Android phone.
  2. Open the HTTPS Everywhere download link in Firefox for Android.

Once HTTPS Everywhere is installed, you'll see its icon on the right hand side of the address bar. You can click the icon to turn rewrite rules on/off for the current page or click-and-hold the icon to restore default settings.

By our estimates, HTTPS Everywhere encrypts hundreds of billions of page views and over a trillion individual requests per year. However, there's an important limitation: it can only encrypt requests where the website you're connecting to supports HTTPS in the first place. It's essential that more sites across the web take up the responsibility of enabling HTTPS encryption. Recent revelations have made it abundantly clear that all apps should be committed to sending no user data unencrypted. The browser is a great place to start that commitment.

PS — a quick note to iPhone users: we're sorry we can't help you to secure your mobile browsing experience. Apple's policy of locking out Mozilla means you can't have a more secure browser in your pocket.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Congress just voted to repeal #broadbandprivacy rules & we need you on our side in the coming battles. Support EFF. https://supporters.eff.org/do...

Mar 29 @ 12:12pm

Watch this video tutorial and share it with your friends to make your Facebook posts more private. https://www.eff.org/deeplinks...

Mar 29 @ 9:47am

EFF kicks off intro security trainings for tech newbies at the @SFPublicLibrary tonight. Tell your friends! https://www.eff.org/deeplinks...

Mar 28 @ 4:49pm
JavaScript license information