New Version HTTPS Everywhere

New Version HTTPS Everywhere 1.2.2

https://www.eff.org/https-everywhere

 

HTTPS is clearly necessary for some sites, but why would it be desirable "everywhere"?

Note to admin: this might generate more interest in the Privacy Technology section.

 

If you just generally don't like your ISP seeing what you do/ don't want anyone between you and who you're talking to listening in on the conversation you might as well use HTTPS. There's not much performance hit and if a site supports it I think we can assume that they can handle the extra load.

 

Peace of Mind is a nice thing to have. I hope DuckDuckGo updates their list with the latest rules.

 

Agreed, but what is it about HTTPS Everywhere that gives you peace of mind?

 

The same reason I don't yell my conversations when talking to a friend in a crowded area. I'm not planning to bomb some building, I just prefer to have my conversations stay between us.

Knowing that my conversations with someone aren't being listened in on by anyone between me and the website is nice.

Not to mention that if you don't use HTTPS and someone is doing MITM they can change the data in transit.

 

Why isn't it on official FF addon page? And does it send our data to their developers somehow?

 

Good question Pandorax, I wondered the same thing, so I found this on their FAQ:

"Q. Why isn't HTTPS Everywhere available for download from addons.mozilla.org like most other Firefox add-ons?

A. We felt that the Mozilla privacy policy that applies to downloads from addons.mozilla.org is somewhat less protective than the privacy policies of the organizations that develop HTTPS Everywhere, and we prefer for HTTPS Everywhere users to be protected by our privacy policy. This decision could change in the future as Mozilla's privacy practices evolve or as we re-examine the details of the current Mozilla policy."

https://www.eff.org/https-everywhere/faq

 

I am in shame. Thanks.

 

Do not feel too bad, I had to cheat and search for the answer using Google SSL Search, hehehe ; you are welcome.

 

From their policy; https://www.eff.org/policy

Whatever it is, i didn't like it
And i don't see any "Decentralized Observatory" feature in extension options!

 

I understand being an advocate of privacy you have to be on the watch for what companys and groups are doing. That said I must say I have ALOT of faith in the EFF. As to why you don't see the option to disable Decentralized Observatory it is because it will not be included until venison 2.0

SOURCE

Im sure if you download the development version of 2.0 it will probably have the option to disable the Decenteralized Observatory.

No worries.

 

Indeed, from the changelog:
2.0.0development.1 (2011-09-15)
* Begin alpha testing for the Decentralized SSL Observatory!
(currently opt-in, with a popup prompt if you have Tor Button installed)

btw changelog for 1.2.2:
1.2.2 (2012-01-09)
* Google Cache is back!
* Fixes: Wikipedia, Identi.ca, Verizon, CCC.de, UserScripts,
Yandex
* Improvements: EFF
* Disable broken: NSF.gov, WHO.int

 

Disabled here





And always have been able to on previous versions too !

 

Your ISP, by virtue of the fact that they do business with you, already probably has your real name, your home address, and your credit card or bank account number. They can't charge you without that stuff. No amount of encryption of the traffic you send over their wires after they've already taken down all your personal info will change what's on their servers or reduce their ability to sell that information to whoever they feel like.

If you are worried about your ISP selling data about you, IMO this is a far, far bigger concern than the possibility they might snoop all your Web requests hoping they might occasionally stumble across a form submission that contains actual salable data.

Your ISP will also know what hours you're usually online and how much traffic you generate / consume, though you could put technical measures in place to obscure those things if you cared. (Any such measures would themselves allow your ISP to detect that you are in the class of users who puts technical measures in place to obscure usage stats, which probably makes you much more interesting to certain groups.)

After all its their network. You are their customer and you have to go out through their door to get onto the internet. 99 Percent of them use NARUS

This is what NARUS do
Total Network View” decision making through the real time collection and analysis of one packet to billions of packets across multiple networks.

Network transparent collection and semantic analysis of traffic•Captures detailed, protocol-specific data in addition to collecting standard data•Interfaces directly to the network using Narus Semantic Traffic AnalysisTMtechnology

Extracts information from network devices and service elements using standard protocols:-SNMP-Voice Mediated CDRs-CGF-LDAP•Highly configurable with the Narus VA Toolkit

Extracts information directly off the wire
Not a sniffer: session modeling and reconstruction
Detailed visibility into user traffic
Network transparent, non-intrusive
Vendor and protocol independent: IP standards based
Highly tuned appliance: 300-500Kbps
Network efficient: 95-99% data reduction
Network transparent collection and semantic analysis of traffic

Let go off that idea you can hide from your ISP. You can't.

 

My ISP has loads of information on me, of course. But maybe I don't want them seeing my Wilders posts (poor example) or some other information I pass on a forum that isn't relevant to them.

You're missing the point if you think this is about "hiding" from ISPs. ISPs will always know certain information - it's kind of like talking to someone in a foreign language, they still know you're talking and they still see where you are etc. but they don't know what you're saying. That's all it is.

And there's also the fact that HTTPS prevents basic MITM attacks (depends on the situation.)

 

Internet Protocol Detail Record

Remember that semantics is not just the data, but rather the meaning of the data. It looks at the the data in a more comprehensive way than looking for keywords. Each NarusInsight machine does this at 2500 million bits per second, in real-time. You really wonder why BushCo didn't want to talk about this stuff? It's the biggest invasion of privacy in history by several orders of magnitude.

 

All it can see are the semantics - whatever that means. If I use HTTPS right now it might be able to understand how Wilders is being used but they aren't cracking the encryption.

And that still leaves the fact that MITM attacks can be broken through ssl.

The link is broken.

 

well you sure wont have your isp sniffing info from you if you use a good non logging vpn like vpntunnel.se etc , protip , no need to slow down your website access

 

Yes you will. Your ISP is what brings you do that VPN.

 

sure but all they see is you using a vpn not your traffic so whats the problem?

p.s: btw a hello to everyone im a long time lurker first time poster xD , nice to be here

 

The data between you and the VPN is encrypted. The ISP cannot see anything just like they cannot see the content you browse on an encrypted website.

 

i think he meant that your vpn sees that your connected through a vpn, wich is true and thanks for explaining it to the rest that dont know how a vpn generally works xD
of course theres more to it than just that ,but that would go off topic it would seem xD

 

VPN sees that you're connected through a VPN?? You mean ISP sees that that you're connected through a VPN? I don't see how, all they'd see is encrypted traffic flowing through.

 

isp sees you are ,not vpn to vpn roflmao xD

p.s: thats from what ive heard in a vpn discussion some time ago, not sure if the encrypted traffic gives it away or whatnot