The Electronic Frontier Foundation (EFF) on Wednesday announced the launch of a new version of HTTPS Everywhere, which comes with new features. The features include a more regular list of HTTPS-supporting sites, bundled as a package that is delivered to the extension on a continual basis. This means that HTTPS-Everywhere-protected browsers will have more up-to-date coverage for sites that offer HTTPS, and users will encounter fewer sites that break due to bugs in the list of supported sites.
It also means that in the future, third parties can create their own list of URL redirects for use in the extension. This could be useful, for instance, in the Tor Browser to improve the user experience for .onion URLs.
HTTPS Everywhere is a free and open source browser extension for Firefox, Chrome and Opera created by EFF and the Tor Project. The extension automatically switches sites from the less secure “http” to the more secure “https.” This is useful to protect internet users from many forms of surveillance, censorship and account hijacking.
Keeping the list of sites that offer HTTPS updated is an enormous effort, comprising a collaboration between hundreds of contributors to the extension and a handful of active maintainers to craft what are known as HTTPS Everywhere’s “rulesets.” At the time of writing, there are over 23,000 ruleset files – each containing at least one domain name (or FQDN, like sub.example.com).
EFF modified the extension to periodically check in with them to see if a new list is available. That way users will get the newest ruleset list in a timely manner, without having to wait for a new version to be released.
In order to verify that these are the authentic EFF rulesets, EFF signed them so that browsers can check that they’re legitimate, using the Web Crypto API. EFF also made it easy for developers and third parties to publish their own rulesets, signed with their own key, and build that into a custom-made edition of HTTPS Everywhere. They called these “update channels,” and the extension is capable of digesting multiple update channels at the same time.
EFF plans to build on this feature, making it easy for users to modify the set of update channels they digest in their own HTTPS Everywhere instance.