Is using "HTTPS everywhere" extension secure?

EFF is a highly respected organization dedicated to protecting privacy in electronic communications. It would be against their interests to jeopardize people's privacy through their products.


You can also use NoScript to ensure your connections are over https. NoScript also comes with a tonne of other defences that include XSS protection, Clickjacking detection, ABE (kinda like a firewall in your browser) and many more. NoScript has been around for years and it's highly regarded and respected.


As I replied before, you should understand that you can still use SSLstrip against HTTPS Everywhere. By searching a bit, I also came across this link and this test (related to the previous link), it seems that HTTPSEverywhere does not protect you against spoofing attacks. Related to this topic, I could also find this one which contains a lot of good information, and this one on how to protect from sslstrip attacks.

Have fun reading ;)