In addition to Facebook and Twitter, the Web sites that the software works on are Google Search, Wikipedia, The New York Times, The Washington Post, PayPal, EFF, Tor, and Ixquick.
The tool works by creating an HTTPS (Hypertext Transfer Protocol Secure) connection to the sites. But even if "https" is used, unless the address bar is colored and an unbroken lock icon is displayed in the bottom right corner, the page is not completely encrypted, EFF says.
Our colleagues over at ZDNet's Zero Day blog point out that using HTTPS doesn't hide a computer's IP address and users are still susceptible to tracking from broken SSL sessions displaying unencrypted third-party content.
"Forcing a full session on a popular social-networking service such as Facebook for instance, without taking into consideration the fact that SSL would not magically make all the personally identifiable information, including your IP, disappear, is wrong," writes Dancho Danchev on the Zero Day blog. "Full-session SSL, in combination with tools such as Vanish, next to Tor-like/VPN based anonymity network, are great for a fresh start."