HTTPSEverywhere: Don’t Stop at Facebook’s HTTPS Option

Switching Facebook to HTTPS for use on un- or under-protected public networks (some coffeeshops, e.g.) is a good idea, and I’m glad to see a spate of status messages telling people how to do it. But those using Firefox might also consider the extension HTTPSEverywhere, which forces a number of common sites (including Facebook) into the same behavior.

Besides protecting you across a far greater range of websites, one advantage of the extension is that you can switch it on and off pretty easily—both globally and for individual sites. I turn it off while I’m on my home network (much more secure, much less at-risk) or on a school’s network (typically much, much more secure), so that I can access non-secure content like the Facebook’s SCRABBLE app, and so that pages load more quickly.

Regrettably, there is no good equivalent for other browsers, as of the last time I checked. (There are Chrome and Safari extensions, but they don’t cover your HTTP transaction from beginning to end, as I understand it.) But even when I was mostly using Safari, I would only use Firefox—with HTTPSEverywhere enabled—when I was at the coffeeshop. As it stands, I enable it for anything less than WPA2 networks.

I’m certainly no security expert, but I think this is a relatively safe practice. WPA2 networks are also inherently insecure—maybe all networks are?—but I’m just playing the numbers that nobody willing to take all the extra steps of getting into my data on a WPA2 network is going to happen to be in my coffeeshop at the same time I am. It’s sort of like deciding to unbuckle your seatbelt while the plane is still taxiing to the gate. Sure, something could happen, but…

For the record, even though I do use HTTPSEverywhere, I’ve also enabled Facebook’s HTTPS option. I like that it makes transparent the difference between secure and insecure content, and allows you the choice of switching to a plain old HTTP connection when you try to access insecure content:

Facebooks Insecure Content Warning
Facebook's Insecure Content Warning (Click to view full-size.)

I also like the Facebook option as a backup for one of the most important sites covered by the Firefox extension, which I could easily forget to enable someday. After all, until I get to the coffeeshop, I haven’t had my morning coffee, and without it, let’s just say my memory’s not so useful.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s