|
|
|
|
|
|
by passfree
4221 days ago
|
|
|
HTTPS is a good idea but it really doesn't work for me. I am one of those paranoid people who want full end-to-end SSL without exceptions. HTTPS Everywhere doesn't fill the bill. This is why the company I work for created PanicMode (https://chrome.google.com/webstore/detail/panic-mode/lamdafc...). PanicMode is ridiculously simple extension. Once activated, it will swap HTTP for HTTPS without leaking even a single packet. Not even pre-flight requests are spared. PanicMode is not good for general purpose browsing mainly because 99% of the site break badly, i.e. they do not support SSL at all. That is very telling and sad reality. The way I use it is with profiles. I have a bunch of chrome profiles that I use for different purpose. One of my profiles is just for social browsing - facebook etc. I have another one for company stuff. Those profile have panic mode installed and activated. Because I care about security in those profiles I don't mind if I click on a facebook link and it doesn't open up because at least I know that I am protected against side-channel attacks. It is a very simple mechanism but works well when used effectively. |
|
|
Sounds pretty cool and useful to me. As it tends to happen, though, all promises of additional security a Google Chrome extension makes are invalidated by a single notice—
> Panic Mode can read and change all your data on the websites you visit
As a side note, I noticed that lately my sensitivity to these kinds of threats has come down significantly due to multitude of useful extensions and apps requiring ridiculous permissions. Seems like a dangerous trend: not knowing that an app is going to do sneakily collect your data is one thing; knowingly and willingly grant every little extension wildcard access time after time is quite another. I was very happy to ditch Android because of that. Perhaps I’m too paranoid, of course.