With HTTPS Everywhere, is Firefox now the most secure mobile browser?
Agreed, provocative headline aside, the post specifies that the kind of security we can deliver is protection against dragnet surveillance.
Mobile phones in general are not yet in a position to offer much host security against targetted attacks; they have unauditable basedband chips and carrier-controlled update mechanisms and very slow security update cycles.
EFF's HTTPS Everywhere Detects and Warns About Cryptographic Vulnerabilities
you know who's connected where?
Great question. If you have Torbutton installed, the Decentralized SSL Observatory will use Tor to submit the certs via an anonymized HTTPS POST, and warnings (if there are any) are sent back through the Tor network in response.
If you don't have Torbutton, you can still turn on the SSL Observatory, in which case the submission is direct. The server does not keep logs of which IPs certs are submitted from, though this is of course less secure than using Tor.
Before you can turn the Observatory on, we have a UI that tries to explain all of this elegantly and succinctly, in language that even not-super-technical users can understand.
The original design document is here: https://trac.torproject.org/projects/tor/wiki/doc/HTTPSEverywhere/SSLObservatorySubmission
EFF Asks Verizon Whether Etisalat Deserves CA Trust
Is it possible for me to reject the Etisalat subCA cert without ever seeing it?
With Chrome/IE/Safari on OS X and Windows only, there is a way to block the Etisalat subordinate CA certs. First you have to fetch a copy (see for instance this site). Note that the Etisalat cert is also labelled "Comtrust". Then export the cert. Then on Windows, reimport them into "untrustuted certificates" store. On OS X, import the cert using the Keychain Application into "My Certificates", and disable it.
EFF Releases Tool For Testing ISP Interference
It is often a bad idea to select a project name that is a common dictionary word. It makes the project almost ungooglable and also dilutes the original meaning of the name -- I wonder if the nation of Switzerland wants to be associated with this piece of software. The global English dictionary namespace isn't running out yet, so we don't need to start reusing words.
Yes, this is a fair point and we talked about changing the name before launch for this reason. But despite a lot of brainstorming, we couldn't think of a better name. If you want to search for Switzerland, add a word like "eff" or "isp" or "packet" or "network" to your google search. Maybe if we're successful enough we'll end up on the first page of results for a simple "switzerland" search at some point.