Rated 4 out of 5 stars

This addon provides excellent protection from Man-in-the-Middle attacks. These attacks are rare but not unheard of, and, when executed, allow the attacker to completely eavesdrop on your SSL-encrypted communications (that is, your typical "https" connections to your bank, Google, email provider, etc.).

There are two problems with the addon. One is that two thirds of the notaries are now silent. I was concerned that this might just be me, but actually the screenshot image shown on the addon page shows the same problem: Only three servers (nine-eyes, heimdal and perspectives8 - the ones with green horizontal bars) return replies when queried. That's at most 3/9, or 33%. The default security level requires 75% of the notaries to agree for a connection to be flagged as "confirmed". What this means is that ALL connections are flagged as dangerous, which in turn means you must manually check the notary results each time. The notaries are volunteers that provide a free service, so it's understandable that they're not all in it for the long haul, but it greatly limits the value of the addon. This can be partly solved by manually setting the security to only require 30% agreement, but even that's not perfect (as I write this only nine-eyes and heimdal are returning audit information for https://addons.mozilla.org : 2/9 is less than 30% = Warning!).

The second problem is not Perspectives' fault, but it's an annoyance. Some websites (like my well-known credit card brand) initiate connections from a constantly churning and very large pool of diverse certificates. The notary results look like a confetti explosion. I'm baffled why they do this, but it means that such sites are *never* marked as "consistent", since each notary server is getting a different certificate every time they connect. Fortunately, that behavior seems isolated to only a handful of sites (though some of them are Fortune 50 companies).

Ideally, I'd like to see the Perspectives team and the Convergence team (http://convergence.io/) put together a joint addon AND host it on mozilla.org. An irony with Convergence is that it's self-hosted on an HTTP domain, and attempts to connect via HTTPS result in an SSL domain mismatch alert AND redirection to a different website. So I can't use Perspectives to help assure that I'm downloading an unaltered version of the Convergence .xpi file o_O

This review is for a previous version of the add-on (4.5.2.1-signed).