Hacker News new | past | comments | ask | show | jobs | submit login

Thanks to the EFF and the Tor Project we need not worry as much thanks to their HTTPS Everywhere project, a plugin for Firefox: http://www.eff.org/https-everywhere/

Any questions:


Logging into insecure sites over Tor is probably not a good idea. It's always good to assume that people running exit nodes are not the most trustworthy.

HTTPS Everywhere is good but only works on known sites (and known domains for those sites).

I highly dislike the title of it. It is not HTTPS everywhere, it is "HTTPS on sites we know it is possible on".

HTTPS Everywhere only works on a select few sites. You're up a creek for anything it doesn't cover.

And Tor, there's lots of cases where operators did bad things. Don't trust it for sensitive information. http://blog.ironkey.com/?p=201

I realize I should of put more emphasis on "as much" as yes this only works on only a few popular websites as defined by the plugin.

Thanks to reading Techcrunch this morning, I read about this plugin which allows you to manually define which sites you want to force an HTTPS connection on:

Force-TLS https://addons.mozilla.org/en-US/firefox/addon/12714/

Mind you for any of these extensions to work the website you're visiting needs to be already accessible via ssl. If the site does not have encryption, these plugins can't force the sites to automagically start using the encryption it never had.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact