Wide deployment of encryption protocol provides basic security for web surfing
The Electronic Frontier Foundation and Access have launched an international campaign for HTTPS Now, rallying consumers around the world to help make web surfing safer.
“We’ve heard a lot about how malicious tools like Firesheep can be used to steal data, including passwords for email and social networking accounts,” said EFF Activist Eva Galperin. “HTTPS Now is aimed at protecting users from attacks like these by spreading the word about HTTPS and how to use it correctly. HTTPS provides the minimum level of security for websites. Without it, no site can make any meaningful security or privacy guarantees to its users.”
HTTPS (Hypertext Transfer Protocol Secure) protects web surfing by encrypting requests from a user’s browser and the resulting pages that are displayed, but many websites default to using the unencrypted and vulnerable HTTP protocol. The HTTPS Now campaign takes a three-pronged approach to protecting web surfing, including distributing updated tools for people to use to protect their web browsing, taking an Internet-wide survey of the state of HTTPS deployment, and helping website operators implement HTTPS.
As a first step, individuals using the web are encouraged to install HTTPS Everywhere, a security tool for the Firefox browser developed by EFF and the Tor Project. HTTPS Everywhere automatically encrypts a user’s browsing, changing it from HTTP to HTTPS whenever possible.
Often, however, security vulnerabilities can’t be cured by changes to a user’s browser. Many websites have not deployed HTTPS, leaving their visitors vulnerable to malicious attacks. For the second prong, we are asking users to let us know whether the sites they visit use HTTPS. We are hoping that our crowd-sourced survey of websites will give us a relatively accurate picture of the current state of HTTPS deployment and Internet security.
EFF has created detailed resources for website operators who are interested in learning how to deploy HTTPS and why it’s important for them to do so.
“We want to make it easier for web users to get the security they need and deserve, but we can’t do it alone. We need an accurate picture of the state of HTTPS on the Internet. After that, we can target website operators and make it easy for them to update their sites,” said Jochai Ben-Avie of Access. “Working together, we can all be safer from identity theft, security threats, viruses, and other things that come from an insecure Internet.”
For more on HTTPS Now: https://www.httpsnow.org