HTTPS is a way of providing security and privacy for your communication with web sites. You should expect it from sites that deal with your money, such as your bank, or Amazon.com, but you might not realize how important it is for sites like Facebook or Twitter. Think of it this way: When you protect your financial information, you’re protecting yourself, but when you protect your Facebook account, you’re protecting your friends. Using HTTPS keeps your accounts and reputation secure.
Many sites, Facebook included, support HTTPS, but immediately redirect you back to the insecure site, or forget to record your login session in a secure way. A Firefox Add-on called “NoScript” provides a solution to both these problems. Here’s how to make it happen:
- Install the Add-on.
- Restart Firefox.
- In Firefox, go to Tools –> Add-ons –> NoScript –> NoScript Preferences –> Advanced tab.
- In the “Behavior” tab under “Force the following sites to use secure (HTTPS) connections:” add the sites you want to secure. If you want to secure every subdomain of a domain, start with a dot. My entry looks like:
- In the “Cookies” tab check “Enable Automatic Secure Cookies Management”.
- Under “Force encryption for all the cookies set over HTTPS by the following sites:” add the same sites again. This will keep your login secure even over open wireless.
Let’s try it:
Go to http://facebook.com. First, notice that the URL changes to https://www.facebook.com. Now, you’ll also see NoScript letting you know that it blocked facebook.com. Just select “Allow all this page” from NoScript’s options.
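To make the two settings concrete, here is an added example (a simplified model written for this page, not NoScript's own code) of what forcing HTTPS and forcing secure cookies amount to. The site list, cookie values and function names are constructed, and the rule that a leading-dot entry covers subdomains only is an assumption of the model.

```javascript
// Added illustration: a simplified model of the two settings, not NoScript's code.
// Constructed site list in the style the steps describe: a leading dot
// means "every subdomain of this domain".
const FORCED_SITES = [".example.com", "login.example.org"];

// True when host is covered by an entry in the list.
// Assumption of this model: a leading-dot entry covers subdomains only,
// so the bare domain would need its own entry.
function isForced(host, sites = FORCED_SITES) {
  const h = host.toLowerCase();
  return sites.some((entry) => {
    const e = entry.toLowerCase();
    // Matching on ".example.com" (dot included) rejects "notexample.com".
    return e.startsWith(".") ? h.endsWith(e) && h.length > e.length : h === e;
  });
}

// "Force the following sites to use secure (HTTPS) connections":
// rewrite an http:// URL for a listed site to https:// before it is requested.
function upgradeUrl(url, sites = FORCED_SITES) {
  const u = new URL(url);
  if (u.protocol === "http:" && isForced(u.hostname, sites)) {
    u.protocol = "https:";
  }
  return u.href;
}

// "Force encryption for all the cookies set over HTTPS": if a listed site
// sets a cookie over HTTPS without the Secure attribute, add it, so the
// browser never sends that cookie over plain HTTP (e.g. on open wireless).
function secureCookie(setCookie, responseUrl, sites = FORCED_SITES) {
  const u = new URL(responseUrl);
  if (u.protocol !== "https:" || !isForced(u.hostname, sites)) return setCookie;
  // Skip the first segment (name=value): a cookie may itself be named "secure".
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
  return attrs.includes("secure") ? setCookie : setCookie + "; Secure";
}

// Constructed sample run.
console.log(upgradeUrl("http://www.example.com/home"));
console.log(secureCookie("sid=abc123; Path=/; HttpOnly", "https://www.example.com/login"));
```

A session cookie without `Secure` is the "forget to record your login session in a secure way" case: the login page is encrypted, but the cookie still goes out with any later plain-HTTP request to the same site.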