I recently came across a cool plugin called “HTTPS Everywhere”, created by EFF and the Tor Project. It automatically switches thousands of sites from insecure “http” to secure “https”. It will protect you against many forms of surveillance and account hijacking, and some forms of censorship.
What is HTTPS and why should we use it instead of HTTP? There is a nice metaphor about using HTTP to log in to an internet service: it’s the same as writing your username and password on a postcard and mailing it for the world to see.
While HTTPS protects users against session hijacking and man-in-the-middle attacks, not every website uses it, mainly because 1) people are ignorant and 2) HTTPS is slower and requires more performance on the server.
After the famous “Firesheep” Firefox plugin, awareness of the importance of HTTPS has risen enough to gain most websites’ attention. For instance, major sites like Google, Twitter, Facebook, etc. have all moved their sites entirely to HTTPS.
The migration isn’t that easy, though. Facebook spent the last two years making infrastructure improvements so that the transition of all its users to HTTPS, which started last month, will “slow down connections only slightly.”
Still, a lot of sites are either using HTTP or using HTTPS only for the login page and HTTP for the rest of their pages. So if you don’t want your online activity to be at the fingertips of the whole world, given that free sniffer software is everywhere, use “HTTPS Everywhere” on Chrome/Firefox to switch from HTTP to HTTPS.
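How a rule-based HTTP-to-HTTPS upgrade of this kind can work, as an added example that is not the extension's own code or ruleset format. The `RULESETS` structure, the `rewrite` function and the example.com hosts are constructed for illustration.

```javascript
// Constructed rules for illustration; hosts are placeholders, not real rulesets.
const RULESETS = [
  {
    name: "Example Shop",
    targets: ["example.com", "*.example.com"],
    // Hosts that only work over plain HTTP are left untouched.
    exclusions: [/^http:\/\/legacy\.example\.com\//],
    rules: [
      // Canonicalise the bare domain onto the www host over HTTPS.
      { from: /^http:\/\/(www\.)?example\.com\//, to: "https://www.example.com/" },
      // Every other listed subdomain: change only the scheme.
      { from: /^http:/, to: "https:" },
    ],
  },
];

// True when host equals the target or matches a leading "*." wildcard.
function hostMatches(host, target) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Returns the HTTPS URL for a request, or the original URL when no rule applies.
function rewrite(urlString) {
  const url = new URL(urlString);
  if (url.protocol !== "http:") return urlString; // already HTTPS, or not web traffic
  for (const set of RULESETS) {
    if (!set.targets.some((t) => hostMatches(url.hostname, t))) continue;
    if (set.exclusions.some((re) => re.test(url.href))) return urlString;
    for (const rule of set.rules) {
      if (rule.from.test(url.href)) return url.href.replace(rule.from, rule.to);
    }
  }
  return urlString; // no rule for this site: the request stays on HTTP
}

// A page reached after login is upgraded too, not just the login form.
console.log(rewrite("http://www.example.com/profile"));
// A site with no rule cannot be upgraded by the client alone.
console.log(rewrite("http://unlisted.test/login"));
```

The last case is why such a tool covers "thousands of sites" rather than all of them: a rewrite only helps where the site already serves the same content over HTTPS.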
Relevant Links:
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/
http://codebutler.com/firesheep/
http://en.wikipedia.org/wiki/HTTP_Secure
http://techcrunch.com/2012/11/18/facebook-https/
http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html