Do you use HTTPS Everywhere?

[Amit]

Do you use HTTPS Everywhere?

[blacknight]

No, I don't need it.

[chrisretusn]

^ What blacknight said.

[Page42]

Never heard of it, but thanks for bringing it to my attention, Amit.

[Noob]

Never heard of it, is it an add on?

[Hungry Man]

Yep. I use it with Chrome.

@Noob

https://www.eff.org/https-everywhere

[Noob]

Tempted to get it but it's still in alpha release.

I think it makes no sense to read the newspaper with HTTPS.

[ComputerSaysNo]

Used to with Chrome & Firefox. I'll have to install it again.

[AaLF]

I said no. Why not? What do you need it for outside of financial transactions & the like? Is there relevance for forums, Facebook & website browsing?

[TheWindBringeth]

Quote:

Originally Posted by AaLF

I said no. Why not? What do you need it for outside of financial transactions & the like? Is there relevance for forums, Facebook & website browsing?

Some if not many sites/services have insecure logins. In some cases, simply sniffing HTTP communications is enough to steal login credentials which could be used at will in a different context. Cookies containing login related information being leaked via HTTP is one example and there may be other login related information in the HTTP GET or POST. HTTP is far, far easier to MITM and anyone doing so may not only (effectively) gain the ability to access your account (and whatever information becomes available by doing so) but also gain the ability to modify anything which you send to or receive from the website you think you are directly communicating with. Even if none of that applied, the use of HTTP greatly increases your possible exposure to tracking/profiling by intermediaries and others who can sniff the traffic between you and the server you are communicating with.

[Trooper]

No as I do not have a need for it.

[The Hammer]

Didn't know what it was. But no.

[Osaban]

Quote:

Originally Posted by The Hammer

Didn't know what it was. But no.

Same here. I'm not interested in this kind of stuff. It is true anonymity protects one's privacy, but it is a double-edged sword which will allow a lot of people to get away with misdeeds.

[AaLF]

Quote:

Originally Posted by TheWindBringeth

Some if not many sites/services have insecure logins. In some cases, simply sniffing HTTP communications is enough to steal login credentials which could be used at will in a different context. Cookies containing login related information being leaked via HTTP is one example and there may be other login related information in the HTTP GET or POST. HTTP is far, far easier to MITM and anyone doing so may not only (effectively) gain the ability to access your account (and whatever information becomes available by doing so) but also gain the ability to modify anything which you send to or receive from the website you think you are directly communicating with. Even if none of that applied, the use of HTTP greatly increases your possible exposure to tracking/profiling by intermediaries and others who can sniff the traffic between you and the server you are communicating with.

OK. Do I lose anything like 'speed' 'ease of use'?? What's the catch?

[TheWindBringeth]

Quote:

Originally Posted by AaLF

OK. Do I lose anything like 'speed' 'ease of use'?? What's the catch?

There is some additional overhead when using HTTPS, which I do and would suggest users approach with a "lets assume it is not a problem until there is evidence that it is a problem" attitude. As for ease of use, in many cases there is zero once you've entered the site via HTTPS instead of HTTP. In other cases you can run into issues such as the site not (fully) supporting HTTPS, the site using a self-signed certificate which you must review & accept, and/or mixed content scenarios which may or may not be OK depending on the situation. Using HTTPS should not but might have an impact on your AV protection, so that is worth checking. Speaking of which, depending on what your browser and AV software do in terms of malicious URL checking, those might divulge what you are doing at sites via HTTPS and thus to a ? degree offset the purpose of HTTPS. One should understand what is going on there too.

[mattbiernat]

No, Opera doesn't support HTTPS everywhere.

[NGRhodes]

Quote:

Originally Posted by Osaban

Same here. I'm not interested in this kind of stuff. It is true anonymity protects one's privacy, but it is a double-edged sword which will allow a lot of people to get away with misdeeds.

HTTPS is intended to secure your communications between you and the server not to provide anonymity.

[Osaban]

Quote:

Originally Posted by Nick Rhodes

HTTPS is intended to secure your communications between you and the server not to provide anonymity.

You are perfectly right Nick, I had wrongly assumed a certain type of anonymity because of the encryption.

No. I've found it to seriously slow down browsing.

[mack_guy911]

yes i used it some times only

its default in https of duckduckgo

https://duckduckgo.com/privacy.html

[SIR****TMG]

I use it

[sweater]

Quote:

Originally Posted by Gullible Jones

No. I've found it to seriously slow down browsing.

Really!!!

Do you use Firefox?

[Amit]

I've never found HTTPS Everywhere slowing down my browsing.

[operamail]

Just installed Https-Everywhere along with Https Finder to make Google search in my country easier! Great add-ons!