HTTPS Everywhere alone or with HTTP Finder?

Discussion in 'privacy technology' started by ams963, May 1, 2012.

Thread Status:
Not open for further replies.
  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Hi,

    Should I use HTTPS Everywhere alone or should I also use HTTP Finder?

    Best Wishes,
    ams963
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Does HTTPS Everywhere allow to automatically search for websites supporting HTTPS, and also create the rules? If yes, then no need for HTTP Finder; otherwise, you may want to use them both, unless you're OK with creating the rules manually (if that's how it works; that's how it works in Chrome... :D).
     
  3. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    then I guess I must use them both......thx a lot :thumb:
     
  4. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    149
    HttpsEverywhere and Https Finder have different objective,s and are very complementary each others.

    0) The main purpose of HttpsEverywhere is not to discover which site are accepting SSL connections. Its main purpose consists in applying SSL rule in order you automatically connects through SSL to any sites belonging to the (ever growing) HttpsEverywhere's database. But HttpsEverywhere in itself doen't fill this db.

    1) Https Finder often, (but not always) detects when the site you are visiting accepts SSL connection (few false negative and, it seems, no false positive).

    2) When Https Finder detects an SSL connection is possible, it asks you whether or not you want to continue visiting this site through SSL, and whether or not you want to put a SSL rule in the HttpsEverywhere database concerning this site.

    3) Notice that for points 0) and 2) you could use noscript instead (option -> advanced -> Https-> behavior). But the couple HttpsEverywhere + HttpsFinder is more convenient.

    I don't know nevertheless which is better in security point of view: : HttpsEverywhere (+ Https Finder companion) or Noscript. Thanks to those able to illuminate me concerning this point.
     
  5. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Thank you very much. I have left HTTPS Finder at default settings.
     
  6. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Thank you for the detailed explanation. I use both HTTPS Everwhere + HTTPS Finder combo and NoScript together.

    One inconvenience is every time HTTPS Finder puts a rule in the HTTPS Everywhere database it prompts to restart Firefox. I mean if I want to keep visiting a thousand websites through an SSL connection then I have to restart Firefox a thousand times for example.

    Also, should I use SSL Observatory in HTTPS Everywhere?
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Thanks. Done! :thumb:
     
  8. mag1c

    mag1c Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    41
    Can you guys point me to the website's for these plugins please?
    HTTPS Everywhere etc...

    I already have no-script /adblock plus anything else would be good.

    Thank you
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
  10. hashed

    hashed Registered Member

    Joined:
    May 5, 2012
    Posts:
    53
    I can see I am a little late to the party on this one, but I use both, and as others have said the HTTP finder is a great compliment to HTTPS Everywhere, especially if you don't like scripting exceptions :)

    ~h
     
  11. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I use both, but more important than using SSL is actually verifying that there is no MiTM attack. The SSL model is broken right now (CA's cannot be trusted whatsoever -- I could list many examples of breaches). Thus, I recommend another plugin to add to your arsenal called convergence. It attempts to solve the SSL problem by taking the trust away from the CA's and directly into the user's hands.
     
  12. hashed

    hashed Registered Member

    Joined:
    May 5, 2012
    Posts:
    53
    Thanks very much, this looks similar to a WOT (Web of Trust) concept :) I will definitely check it out.

    ~h
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.