Anyone else using HTTPS Everywhere or similar?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
URSnshn
Posts: 94
Joined: Sun Mar 13, 2016 6:10 pm

Anyone else using HTTPS Everywhere or similar?

Post by URSnshn » Thu Oct 12, 2017 8:30 am

I've been thinking of using Https Everywhere by EFF or a similar product.

Does anyone have any recommendations, cautions or suggestions?

Here's the link for Https Everywhere: https://www.eff.org/https-everywhere

HoberMallow
Posts: 10
Joined: Sun Feb 12, 2017 3:04 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by HoberMallow » Thu Oct 12, 2017 9:22 am

I've been using it for years.

You'll see a green lock in the address bar more often, but other than that it's mostly unnoticeable. It helps prevent your ISP from tracking the pages you visit and injecting ads or other annoyances, so using it is a no-brainer for me.

User avatar
Pajamas
Posts: 2531
Joined: Sun Jun 03, 2012 6:32 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by Pajamas » Thu Oct 12, 2017 9:38 am

I use it. No real problems that I can recall.

azurekep
Posts: 881
Joined: Tue Jun 16, 2015 7:16 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by azurekep » Thu Oct 12, 2017 11:49 am

URSnshn wrote:
Thu Oct 12, 2017 8:30 am
I've been thinking of using Https Everywhere by EFF or a similar product.

Does anyone have any recommendations, cautions or suggestions?

Here's the link for Https Everywhere: https://www.eff.org/https-everywhere
You should absolutely use it.

The EFF is one of the few organizations that actually cares about consumers, their privacy and their digital rights. They file a lot of lawsuits on our behalf.

Cunobelinus
Posts: 96
Joined: Tue Dec 04, 2012 5:31 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by Cunobelinus » Fri Oct 13, 2017 3:46 am

I recommend you continue using HTTPS Everywhere. Spread the word.
I caution you against not using it (it's an easy, seamless means of increasing your privacy/security). No downside as far as I know.

I encourage the use of their other extension, Privacy Badger.

Those two extensions/addons are the first ones I put on any compatible browser, followed by uBlock Origin and NoScript. NoScript may be too annoying for some, but I find using NoScript makes internet browsing far less obnoxious on most mainstream commercial sites.

Angelus359
Posts: 749
Joined: Tue Mar 04, 2014 12:56 am

Re: Anyone else using HTTPS Everywhere or similar?

Post by Angelus359 » Fri Oct 13, 2017 8:20 am

I use
httpseverywhere
Ublock origin
Privacy badger

Ublock origin blocks a known list of baddies
Privacy badger uses a learning algorithm to learn what is tracking you and block it

This has been an excellent combination, though admittedly I have an abundance of computer resources on all of my computers

For mobile, I use brave. It is a privacy centric browser
IT-DevOps System Administrator

rav2fi
Posts: 35
Joined: Fri Jan 02, 2015 11:15 am

Re: Anyone else using HTTPS Everywhere or similar?

Post by rav2fi » Fri Oct 13, 2017 8:28 am

The extensions I use for security/adblock:

1. Ublock origin
2. Privacy badger
3. HTTPS everywhere

I haven't experienced any issues with any of the sites I visit while using these.

GuineaPig
Posts: 34
Joined: Tue Jun 20, 2017 10:50 am

Re: Anyone else using HTTPS Everywhere or similar?

Post by GuineaPig » Fri Oct 13, 2017 8:35 am

rav2fi wrote:
Fri Oct 13, 2017 8:28 am
The extensions I use for security/adblock:

1. Ublock origin
2. Privacy badger
3. HTTPS everywhere

I haven't experienced any issues with any of the sites I visit while using these.
I use these three plus Disconnect. Occasionally I find a site doesn't work quite right, in which case I'll run it in a Google Chrome incognito window (the incognito window turns off extensions). That's rare though.

URSnshn
Posts: 94
Joined: Sun Mar 13, 2016 6:10 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by URSnshn » Fri Oct 13, 2017 2:33 pm

Thank you all for your thoughts on HTTPS Everywhere - sounds like a no brainer.

Also, I appreciate your sharing some other extensions I hadn't been aware of and will check them out!

Angelus359
Posts: 749
Joined: Tue Mar 04, 2014 12:56 am

Re: Anyone else using HTTPS Everywhere or similar?

Post by Angelus359 » Sat Oct 14, 2017 7:12 am

rav2fi wrote:
Fri Oct 13, 2017 8:28 am
The extensions I use for security/adblock:

1. Ublock origin
2. Privacy badger
3. HTTPS everywhere

I haven't experienced any issues with any of the sites I visit while using these.
Hah, we use the same exact set
IT-DevOps System Administrator

djdube525
Posts: 32
Joined: Sat Jul 09, 2016 7:57 am

Re: Anyone else using HTTPS Everywhere or similar?

Post by djdube525 » Sat Oct 14, 2017 7:22 am

Keep in mind, not every site has https enabled. If that's the case, https everywhere will drop down to http, but will let you know...

In an upcoming version of Chrome (may already be there), the browser will start indicating if a given site is un-secure.
https://www.wired.com/story/google-is-a ... -paranoid/

Angelus359
Posts: 749
Joined: Tue Mar 04, 2014 12:56 am

Re: Anyone else using HTTPS Everywhere or similar?

Post by Angelus359 » Sat Oct 14, 2017 7:38 am

If you go to
Chrome://flags
You can enable a setting that will make all http only sites be marked as insecure
IT-DevOps System Administrator

User avatar
F150HD
Posts: 1074
Joined: Fri Sep 18, 2015 7:49 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by F150HD » Sat Oct 14, 2017 10:24 am

HoberMallow wrote:
Thu Oct 12, 2017 9:22 am
It helps prevent your ISP from tracking the pages you visit and injecting ads or other annoyances, so using it is a no-brainer for me.
You 100% certain on this?

I recall reading how ISPs can analyze/sell peoples browsing data. Were big security concerns over that to many.

User avatar
F150HD
Posts: 1074
Joined: Fri Sep 18, 2015 7:49 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by F150HD » Sat Oct 14, 2017 10:35 am

rav2fi wrote:
Fri Oct 13, 2017 8:28 am
The extensions I use for security/adblock:

1. Ublock origin
2. Privacy badger
3. HTTPS everywhere

I haven't experienced any issues with any of the sites I visit while using these.
one thing I've liked about Kaspersky Total Security is the Privacy Protection. (despite all the politics surrounding Kaspersky lately, not the point of my post and in no way attempting to debate or discuss that)

Image

Quickfoot
Posts: 955
Joined: Fri Jan 11, 2013 1:03 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by Quickfoot » Sat Oct 14, 2017 10:37 am

I use three extensions, HTTPS Everywhere, Adblock Plus, and Last Pass. Using HTTPS connections doesn't obscure what sites you are visiting but it does encrypt the traffic between your computer and the site providing SOME protection against man in the middle attacks since a typical attacker isn't capable of decrypting the traffic.

Why do I say SOME? Because if your adversary is in control of a trusted root certificate AND is capable of intercepting your traffic (which can be done at any of the hops between you and the target site) they can inject their OWN trusted SSL certificate into the stream and decrypt the traffic in real time without having to crack the encryption. Realistically we are talking about a LARGE company or powerful nation state (such as the United States).

Another potential attack would be installing a trusted certificate on your computer remotely through an unpatched vulnerability or physically (given 3-5 minutes a skilled attacker can have complete control of a computer if they have physical access). Once they've installed their own root certificate and made it trusted they could complete the above attack with significantly fewer resources required. Of course they could also just install a virtualized rootkit and have access to your entire computer in a way that's nearly impossible to detect with security tools.

SSL keeps honest people honest and keeps low level threats from intercepting your web traffic. It will NOT defend you against a skilled, dedicated attacker or keep people from knowing what sites you are visiting.
Last edited by Quickfoot on Sat Oct 14, 2017 10:42 am, edited 4 times in total.

User avatar
F150HD
Posts: 1074
Joined: Fri Sep 18, 2015 7:49 pm

Re: Anyone else using HTTPS Everywhere or similar?

Post by F150HD » Sat Oct 14, 2017 10:39 am

If one has never seen this 60 Minutes episode, its worth a watch. Super interesting.....

The end of privacy "The Data Brokers: Selling your personal information"

If you only have a few minutes, go to about 6:40 in the video

drk
Posts: 86
Joined: Mon Jul 24, 2017 10:33 pm
Location: Seattle

Re: Anyone else using HTTPS Everywhere or similar?

Post by drk » Sat Oct 14, 2017 11:39 am

GuineaPig wrote:
Fri Oct 13, 2017 8:35 am
I use these three plus Disconnect. Occasionally I find a site doesn't work quite right, in which case I'll run it in a Google Chrome incognito window (the incognito window turns off extensions). That's rare though.
Given that you're expressly using incognito without the extensions, this may not be interesting to you, but you can selectively enable extensions to run in incognito by clicking "Allow in Incognito" on the extensions page (chrome://extensions/).

Post Reply