Expanding HTTPS Everywhere's Domain Support

20 Oct 2015 . tech . Comments
#privacy #opensource

Update: You no longer need HTTPS Everywhere to set HTTPS by default, major browsers now offer native support for an HTTPS only mode

HTTPS Everywhere is a collaboration project between the Tor Project and the Electronic Frontier Foundation (EFF). It’s a browser extension for Firefox, Chrome, and Opera that always opts in for HTTPS communication for every known domain that supports it. Tracking which domains support HTTPS communication is not an easy task and requires a community to support this.

Let’s see how you can help improve the repository of the tracked domains that support HTTPS. When you come across a website that is served over HTTP, try accessing it with HTTPS. If it works, you can easily add a rule for that website. To do this, fork the GitHub repository, navigate to src/chrome/content/rules, and run the following command:

./make-trivial-rule <domain>

For example, to generate a trivial rule for di.uoa.gr, run:

./make-trivial-rule di.uoa.gr

This will generate a default rule set file that looks like this:

<ruleset name="National and Kapodistrian University of Athens - Department of Informatics and Telecommunications">
  <target host="di.uoa.gr" />
  <target host="www.di.uoa.gr" />
  <rule from="^http:" to="https:" />
</ruleset>

Once you’ve created the rule, open a pull request on the HTTPS Everywhere GitHub repository. This is a quick and easy way to contribute to enhancing the privacy and security of many.


Me

Panos is an engineering leader at Panther, with over a decade of experience in cybersecurity and engineering leadership. His career includes security research at CERN, security engineering at Microsoft Office 365, and founding Blocktopus, a KYC/AML startup. He holds patents, has published research in security and machine learning, and has helped scale startups from pre-seed through Series B. On this blog, he writes about security, leadership, and developer productivity.