Browser Extensions to make you safer: HTTPS Everywhere and Privacy Badger
Browsing the web can be tricky: avoiding unsecured HTTP sites and avoiding the data collection of trackers can be a challenge. That’s where two EFF browser extensions come in: one to offer additional security, and one to offer additional privacy.
The HTTPS Everywhere browser extension defaults to secure connections of HTTPS when browsing websites. And the Privacy Badger extension helps you avoid spying ads and third-party trackers trying to collect data on your habits as you move site to site. In this lesson, we will share some ways for learners to protect their information as they browse the web.
- Different Types of Encryption
- Web Browsing Security
- Five EFF Tools to Help You Protect Yourself Online
- Privacy Badger website
- HTTPS Everywhere website
- Panopticlick website
- Encrypting the Web
- Moxie Marlinspike's SSLstrip attack information
Gotchas and Problems You Might Hit
You might hit some misconceptions about these two tools.
Privacy Badger and HTTPS Everywhere Aren’t 100% Solutions
It’s worth making clear what these browser extensions are meant to address—and what they aren’t.
The threat model for Privacy Badger: Privacy Badger stops companies from compiling information on your browsing patterns — it only provides marginal protection from attackers who are trying to target you directly, like criminals, stalkers, or governments.
The threat model for HTTPS Everywhere: HTTPS Everywhere helps increase the level of encryption you use everyday, which does increase your protection against mass surveillance or someone spying on your web traffic, but it doesn’t encrypt all of your communications.
Think of them both as vitamins. They give most people improved protection on a daily basis, but if you’re suffering from a particularly serious attacker, you’ll need stronger medicine.
Privacy Badger Is Not An Ad Blocker
Sometimes, Privacy Badger is discussed alongside ad blockers like Adblock Plus. However, be sure to highlight that Privacy Badger is not an ad blocker. Instead, it’s a tracker blocker. Privacy Badger blocks third parties that appear to be tracking you across the web, whether they’re serving ads or not. Similarly, Privacy Badger will only block ads if they appear to be tracking you nonconsensually (see EFF’s Do Not Track policy for more info.) In this way, one of Privacy Badger’s goals is to encourage more responsible, transparent advertising that respects users’ privacy.
HTTPS Everywhere Doesn’t Encrypt Everything
With HTTPS Everywhere, it’s tempting for people new to the tool to think that it creates HTTPS where there is none. You can clear this up by explaining that it’s up to a website’s administrators to decide whether or not their site offers HTTPS (and, luckily, more and more are offering it every day!). HTTPS helps after website administrators turn on HTTPS. Some websites, even after turning HTTPS on, don’t have HTTPS as the default, only encrypt some content, or still link to unencrypted pages. HTTPS Everywhere helps with these more complicated instances and makes sure that users get any HTTPS that would otherwise fall through the cracks. Users that want all their browsing to be encrypted can check the option “Block all unencrypted requests.” It’s important to know that this will make sites that offer only insecure HTTP connections unavailable, though.
Internet Connectivity, and Other Installing Problems
Installing browser extensions is one of the simpler ways to install additional software, but it’s still not foolproof. You may want to check connectivity with the venue beforehand, and stagger when and how people are downloading. If you’re doing a survey or pre-event instructions, ask people what browser they use. You might even encourage advanced users to install the software beforehand.
Anticipated Questions and Answers
To brush up on answers to frequently asked questions for HTTPS Everywhere, check https://www.eff.org/https-everywhere/faq.
Refresh your memory by reading Privacy Badger’s Frequently Asked Questions as well: https://www.eff.org/privacybadger#faq.