HTTPS Somewhere

[Notice: in alpha state] If you like to look under the hood, writing some regular expression, or want a safer way to prevent massive XSS attack utilizing TLS or SSL encryption. HTTPS Somewhere will not let you disappointed. It is another HTTPS redirection extension that do exactly what you want. (See screenshot for better idea.) What make HTTPS Somewhere different from HTTPS Everywhere? - Encrypt what matter rather than attempt to encrypt many websites as possible. - Works with resources and elements even on the webpages that not secure.* - You take full control of the redirection with more advance user interface. - Take advantage from powerful regular expression you can define any pattern you can imagined. - Works completely in the background no icon added to the toolbar. - HTTPS Somewhere will never break any website without your consent. - It doesn't try to outsmart you. Some limitations: - Relatively difficult compared to HTTPS Everywhere. - Can't redirect to different hostname. How to use? - Check "Options" link in chrome://extensions/ * Why this matter? Why make some resources secure despite that the page itself is not? It doesn't make anything more secure, does it? There is a case in Thailand where an attacker exploit caching server of certain ISP. (Probably related to DNS and weird caching behavior. The details never made public and the case was denied by the ISP. However, this case affect millions of endpoints leaving lots of eye witness.) The attacker focus on Google's services included (but not limited to) Google Analytic and Google Ads. Result in massive and largest scale javascript injection I ever see in my life. (My estimation of the revenue the attacker gain from this one attack is at least 6 figures USD. The attack last for months because it is highly inconsistent.) So yeah in theory this probably wont gain any security to any page or prevent Eve to do bad things but in practical it does prevent some attack vector.