Firefox add-on encrypts sessions with Facebook, Twitter

HTTPS Everywhere Firefox extension encrypts communications between browser and sites including Facebook, Twitter, Wikipedia, New York Times, and PayPal.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

The Electronic Frontier Foundation and the Tor Project have released a public beta of a new Firefox extension that lets people encrypt their communications with Facebook, Twitter, and other sites.

The HTTPS Everywhere Firefox extension was inspired by Google's encrypted Web search option, the EFF said in announcing the tool on Thursday.

In addition to Facebook and Twitter, the Web sites that the software works on are Google Search, Wikipedia, The New York Times, The Washington Post, PayPal, EFF, Tor, and Ixquick.

The tool works by creating an HTTPS (Hypertext Transfer Protocol Secure) connection to the sites. But even if "https" is used, unless the address bar is colored and an unbroken lock icon is displayed in the bottom right corner, the page is not completely encrypted, EFF says.

Our colleagues over at ZDNet's Zero Day blog point out that using HTTPS doesn't hide a computer's IP address and users are still susceptible to tracking from broken SSL sessions displaying unencrypted third-party content.

"Forcing a full session on a popular social-networking service such as Facebook for instance, without taking into consideration the fact that SSL would not magically make all the personally identifiable information, including your IP, disappear, is wrong," writes Dancho Danchev on the Zero Day blog. "Full-session SSL, in combination with tools such as Vanish, next to Tor-like/VPN based anonymity network, are great for a fresh start."