HTTPS-Everywhere, nice initiative, but is it overall secure? "Majority of Web sites currently only use HTTPS for logins or transactions where sensitive data is captured," the analyst Ang Poon Wei, stated.
"Trying to access a Web site that doesn't or partially supports HTTPS would generate different user experiences." Quotes taken from an article by Ellyne Phneah for ZDNet.
This is my experience also. For instance at
https://www.on24.com that is trying to load scripts from non-verified sources and older weaker encryption. Even HTTPS-Everywhere green padlocked websites may have security issues the average user may not expect - encryption sequence delivered from the weak end up (misconfiguration),
weakened encryption because excluded from the more secure variety (export restrictions). Security header implementation eikther missing or full of warnings, check with Recx Security Analyser Extension, so often the unaware user is lulled into a sense of security while the online commercial and governmental tracking goes on. Remember we live in the Golden Age of Global Surveillance. My analysis experiments with SSL scanning in combination with Tracker tracker tool result analysis proofs the green padlock may often only present a "bleak or bleached" green
An example for htxps://www.on24.com/ with Outdated Web Server Apache Found Vulnerabilities on Apache 2.2 Apache/2.2.26 See for yourselves attached and the security header status report here:
http://www.webpagescreenshot.info/img/550eadaa52b736-52877506polonus
