Is there an HTTPS Everywhere add on for Chrome, MSIE or safari?

23

8

I really like this HTTPS Everywhere add-on for Firefox. But I tend to browser hop, so have similar HTTPS-preferring add-ons been released for the other major browsers?

MatthewMartin

Posted 2010-07-10T12:21:53.630

Reputation: 528

Answers

4

In the years since this question was asked, the EFF has made progress developing versions of HTTPS Everywhere for other browsers.

Supported browsers

Currently, HTTPS Everywhere is available for the following browsers:

The Chrome and Opera versions used to be in beta when this answer was originally written, but all versions listed above have now entered stable phase.

user2428118

Posted 2010-07-10T12:21:53.630

Reputation: 331

While that is very nice formatting, it's usually best to stick with the more conventional Markdown formatting tools to ensure proper display on all devices ;) – Der Hochstapler – 2014-03-31T09:55:36.113

10

Beware that regarding KB SSL Enforcer, HTTPS Everywhere looks rather cautious.

The front page states

There is a Chrome extension called KB SSL Enforcer which attempts to take that approach, but it does not appear to be implemented securely; when we tested it, it seemed to always use http before https, which means that your surfing habits and authentication cookies are not protected (this may be a limitation of the Chrome Extensions framework).

There is also a specific entry in the FAQ about the add-on topic from a broader perspective:

Q. Will there be a version of HTTPS Everywhere for Chrome? Or IE, Safari, Opera, or some other browser?

A. Our understanding is that the Chrome extensions API does not support request rewriting. That means that there is currently no way to write a secure version of HTTPS Everywhere without modifying the Chrome source code. However, Chrome's developers have shown interest in supporting extensions of this sort, so this limitation may change in a future version of Chrome. We believe the IE and Safari APIs have similar limitations. But if you happen to know a way to perform secure request rewriting in these browsers, feel free to let us know at https-everywhere at EFF.org (but note that modifying document.location or window.location in JavaScript is not secure).

Note: For a safer browsing, the provided links will redirect one to https page ;-)

Note 2: The author of KB SSL Enforcer is well aware of the issue (cf. issue #25)

nulltoken

Posted 2010-07-10T12:21:53.630

Reputation: 201

8

Look in to KB SSL Enforcer http://goo.gl/8xeB and see if that will do what you are looking for. I have not tried it but it seems to do the same thing.

Secure Login Helper http://goo.gl/5f8R also seems to do this but only to login sites, not everything.

David Remy

Posted 2010-07-10T12:21:53.630

Reputation: 1 899

4

According to the EFF this extension does not work correctly: ".. but it does not appear to be implemented securely; when we tested it, it seemed to always use http before https, which means that your surfing habits and authentication cookies are not protected" - cite from https://www.eff.org/https-everywhere

– Robert – 2011-01-18T18:45:49.540

I never tried either of these and after looking at the new EFF pages would not suggest them. As is in the new top accepted solution I would now suggest https://www.eff.org/https-everywhere for both Firefox and Chrome.

– David Remy – 2012-03-01T21:15:49.653

2

jrc03c

Posted 2010-07-10T12:21:53.630

Reputation: 7 626

3Isn't that stopping access to like 99% of the web? – Arjan – 2010-07-10T16:26:51.900

I'm sorry...you might be right. I didn't actually read much into the technical details; I just assumed it was a force-https-where-available kind of mode, but you might be right. – jrc03c – 2010-07-11T03:17:22.480

2This answer is wrong - the presented command line parameter only forces the SSL certificate verification, but it uses SSL not more often than before. – Robert – 2011-01-18T18:49:42.877

2

Please look at HTTPS Enforcer. It is a Google Chrome extension, and it uses database from Firefox https everywhere extension.

The HTTPS Enforcer extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the sites HTTPS Everywhere supports.

Kos

Posted 2010-07-10T12:21:53.630

Reputation: 21

1

I use TwitterSSL and FacebookSSL in Safari. Can't edit the search engine so Google SSL in the search box is a no go :(

ggustafsson

Posted 2010-07-10T12:21:53.630

Reputation: 1 698

1

From the EFF FAQ

Q. Will there be a version of HTTPS Everywhere for Chrome? Or IE, Safari, Opera, or some other browser? A. The Chrome extensions API does not support request rewriting. That means that there is currently no way to write a secure version of HTTPS Everywhere without modifying the Chrome source code. However, Chrome's developers have shown interest in supporting extensions of this sort, so this limitation may change in a future version of Chrome. We believe the IE and Safari APIs have similar limitations. But if you happen to know a way to perform secure request rewriting in these browsers, feel free to let us know at https-everywhere at EFF.org (but note that modifying document.location or window.location in JavaScript is not secure).

Dinaiz

Posted 2010-07-10T12:21:53.630

Reputation: 163

Asked: 2010-07-10T12:21:53.630

Viewed: 14 708 times

Active: 2016-12-22T21:26:38.757