HTTPS Everywhere alone or with HTTP Finder?

Discussion in 'privacy technology' started by ams963, May 1, 2012.

Thread Status:
Not open for further replies.
  1. ams963
    Offline

    ams963 Registered Member

    Hi,

    Should I use HTTPS Everywhere alone or should I also use HTTP Finder?

    Best Wishes,
    ams963
  2. m00nbl00d
    Offline

    m00nbl00d Registered Member

    Does HTTPS Everywhere allow to automatically search for websites supporting HTTPS, and also create the rules? If yes, then no need for HTTP Finder; otherwise, you may want to use them both, unless you're OK with creating the rules manually (if that's how it works; that's how it works in Chrome... :D).
  3. ams963
    Offline

    ams963 Registered Member

    then I guess I must use them both......thx a lot :thumb:
  4. JackReacher
    Offline

    JackReacher Registered Member

    I use both, HTTPS everywhere doesn't make it very easy to create new rules but HTTPS finder can break some sites if "automatically enforce HTTPS" is enabled. I have found the perfect compromise to be: Use HTTPS Everywhere in conjunction with HTTPS Finder, But turn off the "automatically enforce HTTPS." In this way, you can use HTTPS everywhere for known HTTPS enabled sites and use HTTPS finder to manually test new sites, once you test them, you can create a HTTPS Everywhere rule easily.
  5. Lyx
    Offline

    Lyx Registered Member

    HttpsEverywhere and Https Finder have different objective,s and are very complementary each others.

    0) The main purpose of HttpsEverywhere is not to discover which site are accepting SSL connections. Its main purpose consists in applying SSL rule in order you automatically connects through SSL to any sites belonging to the (ever growing) HttpsEverywhere's database. But HttpsEverywhere in itself doen't fill this db.

    1) Https Finder often, (but not always) detects when the site you are visiting accepts SSL connection (few false negative and, it seems, no false positive).

    2) When Https Finder detects an SSL connection is possible, it asks you whether or not you want to continue visiting this site through SSL, and whether or not you want to put a SSL rule in the HttpsEverywhere database concerning this site.

    3) Notice that for points 0) and 2) you could use noscript instead (option -> advanced -> Https-> behavior). But the couple HttpsEverywhere + HttpsFinder is more convenient.

    I don't know nevertheless which is better in security point of view: : HttpsEverywhere (+ Https Finder companion) or Noscript. Thanks to those able to illuminate me concerning this point.
  6. ams963
    Offline

    ams963 Registered Member

    Thank you very much. I have left HTTPS Finder at default settings.
  7. ams963
    Offline

    ams963 Registered Member

    Thank you for the detailed explanation. I use both HTTPS Everwhere + HTTPS Finder combo and NoScript together.

    One inconvenience is every time HTTPS Finder puts a rule in the HTTPS Everywhere database it prompts to restart Firefox. I mean if I want to keep visiting a thousand websites through an SSL connection then I have to restart Firefox a thousand times for example.

    Also, should I use SSL Observatory in HTTPS Everywhere?
  8. JackReacher
    Offline

    JackReacher Registered Member

    It looks to me like it was designed with Tor in mind where MITM attacks are more likely. If it looks like a feature you could benefit from I don't see a reason why you shouldn't use it, the EFF is a very trustworthy organization.
  9. ams963
    Offline

    ams963 Registered Member

    Thanks. Done! :thumb:
  10. mag1c
    Offline

    mag1c Registered Member

    Can you guys point me to the website's for these plugins please?
    HTTPS Everywhere etc...

    I already have no-script /adblock plus anything else would be good.

    Thank you
  11. Hungry Man
    Online

    Hungry Man Registered Member

  12. hashed
    Offline

    hashed Registered Member

    I can see I am a little late to the party on this one, but I use both, and as others have said the HTTP finder is a great compliment to HTTPS Everywhere, especially if you don't like scripting exceptions :)

    ~h
  13. chronomatic
    Offline

    chronomatic Registered Member

    I use both, but more important than using SSL is actually verifying that there is no MiTM attack. The SSL model is broken right now (CA's cannot be trusted whatsoever -- I could list many examples of breaches). Thus, I recommend another plugin to add to your arsenal called convergence. It attempts to solve the SSL problem by taking the trust away from the CA's and directly into the user's hands.
  14. hashed
    Offline

    hashed Registered Member

    Thanks very much, this looks similar to a WOT (Web of Trust) concept :) I will definitely check it out.

    ~h
Thread Status:
Not open for further replies.