Do you run a web site? Does HTTPS Everywhere affect it? We're asking you to help us make HTTPS Everywhere better and more reliable, by consulting our new HTTPS Everywhere Atlas to see how your site is affected.
EFF's HTTPS Everywhere software, co-developed with the Tor Project, helps protect online privacy and security by asking browsers to go to the secure version of a web site every time, even if the user doesn't specifically ask for it. Using the secure version of web sites helps make it harder for people to spy on or censor the content of the sites you visit, or to steal your account passwords or credentials by intercepting your network connections.
HTTPS Everywhere has to rewrite individual URLs into their secure HTTPS equivalents, where these exist. How does the software know how to do this? A large database of rulesets describes the details of HTTPS support on each individual site we support—currently almost 6,000 rulesets affecting around 15,000 domain names! These rules are maintained by us and by a network of volunteers, and they need to be updated whenever the amount (or location) of HTTPS support on any site changes. The rules are more than a simple list of sites that offer HTTPS; often a fairly elaborate transformation is involved. The old version of Wikipedia's site, for example, needed a rewriting rule capable of turning
(Notice that that was wikimedia.org—the organization that hosts Wikipedia—not wikipedia.org.) Fortunately, the current version of the Wikipedia site supports the simpler, more intuitive form
—but we had to roll out a specific change in HTTPS Everywhere when this reorganization happened!
The number of rules we include has been growing rapidly, reflecting both improved adoption of HTTPS all over the web and increased interest by our user base in expanding HTTPS Everywhere's site coverage.
That means that the odds of encountering a broken or outdated rule have been growing, too—for instance, if we don't realize that a web site stopped offering a secure version or started offering it at a new address, or only to its logged-in users. We aim to address this by involving webmasters more directly in the development process and letting them know more proactively how HTTPS Everywhere will affect their sites.
Today we're announcing the first step in this process: the new HTTPS Everywhere Atlas, a way for webmasters to look up most rules that could directly affect their domains, without needing to browse or search through the thousands of items in the ruleset libraries. The Atlas is organized by domain, so if you're the webmaster for whitehouse.gov, you can go to the whitehouse.gov Atlas page and learn about how HTTPS Everywhere will affect your users—and how to contact us about potential problems.
In the near future, we'll also begin directly contacting all 15,000 sites' webmasters directly to make them aware of this resource and what they need to know about HTTPS Everywhere.
Even if you're not a web site operator, you can help improve the quality of HTTPS Everywhere by installing it and letting us know if you have any problems or suggestions!