In last weeks column, I mentioned a handy cloud storage tool called SpiderOak designed to secure the files you store online.
But file storage accounts for only a fraction of your online life, the majority of which is by default at least vulnerable to prying eyes. Thats where HTTPS Everywhere, a free browser extension for Firefox and Chrome, comes in.
Created by the nonprofit digital rights advocacy group Electronic Frontier Foundation, HTTPS Everywhere forces your browser to view Web pages using HTTP Secure, an encrypted technique that can prevent a host of problems when your computer talks with servers that store Web content.
The software doesnt provide complete security (no solution really can), but its creators say its a big step toward fixing the sorry state of online safety.
That modern Internet security is a bit lackadaisical isnt exactly by design, says EFF Technology Projects Director Peter Eckersley.
The Web was designed in a very sort of cloistered, academic environment. It was a research project, essentially, Eckersley said. No one back in that time was designing for a medium that we use for our most sensitive communications.
Hes not just talking about credit-card numbers (online purchases, for the most part, already employ HTTPS). Even basic users now rely on the Web for banking, medical advice and activism.
Those things are often more confidential than your credit-card number, Eckersley said. After all, any clerk at a department store can see your credit card number.
The solution, he says, is to get websites and the companies behind them to adopt HTTPS more widely, even for basic browsing.
By adding a layer of encryption to the more common HTTP, or hypertext transfer protocol, HTTPS scrambles the data that describe both what youre seeing on a page and how you interact with it. It also forces the browser to verify that the site youre visiting really is Google or Facebook and not some impersonator.
Eckersley said taking these steps can stop intruders from intercepting the information youre sending and receiving, whether that malicious user is connected to your wireless network or between you and your Internet service provider.
With HTTPS, if its working correctly, the only thing an outside observer can see is what site youre talking to, Eckersley said.
Expanding its reach
While the EFF has long lobbied for companies to employ HTTPS by default (with some success), Eckersley said the group launched HTTPS Everywhere to retrofit security and privacy onto websites without it.
But its not just as easy as adding an s into a sites address. By tapping into the open-source community, EFF has curated a collection of instructions written by developers that help the browser to plug-in display sites with the added security layer. If a site isnt supported and doesnt display correctly, users can turn HTTPS Everywhere off by clicking on a logo in their address bar.
Its sort of like fixing the security of the Web with duct tape, Eckersley said.
HTTPS Everywhere supports more than 3,000 sites already, which Eckersley said will put it in line to encrypt trillions of Web requests in the next year.
Some of those requests should be yours.
We wouldnt let people weve never met sit in our living rooms and watch what were doing, Eckersley said. Why would we let people who are just as much strangers build big databases of what were doing (on) our laptops, in our living rooms?
Send technology questions to email@example.com. Please include your name, city and daytime phone number. Sorry, we cant answer every question.