SSLPersonas

SSLPersonas shows you how secure a web page is in a very obvious way.

Instead of showing you a tiny little pad lock somewhere in your browser, SSLPersonas changes Firefox's entire look! The theme changes with the websites you open. Each time you interact with a website, its security level is checked and shown to you by using a particular theme.

Download SSLPersonas for free at the Mozilla Add-Ons page.

What does 'secure' even mean?

Whenever you open a web page, you actually start a conversation with a computer that's located usually very far away from you. Your browser (Firefox) is able to tell whether this conversation is happening without anyone being able to listen (imagine the President's red phone).

Read On

It does it by exchanging secrets with the remote machine, that only those two know. Those secrets are used to invent a new language that only your browser and the remote machine are able to speak. Now, If that's the case, we call that conversation secure.

If your browser is not sure, whether there is anyone listening, the conversion is not secure. It then does not exchange any secrets with other computers, nor does it invent any languages together with them. Most of the time, this is just fine. But there are people out there who do want to know, what conversation you're having with other computers and they can quite easily listen to that. That is why we say, those conversations (or connections) are insecure.

Please note: The process is a little bit more complicated that that in real life. We just try to explain it as simple as we can and don't worry about the terminology.

Hide

Extended Validation

If you see Firefox putting on a green theme, it means that someone has gone through a lot of trouble proving they are who they claim to be.

For example, that means they went to a really trustworthy organization (say, something like your supreme court) and revealed a lot of information about themselves. That trustworthy organization issues a certificate, hands it to the applicant and confirms from now on that it knows them.

We use the green theme for web sites that have gone through all that trouble. It is the best theme we have at the moment.

Standard Validation

Seeing the blue theme is a good thing.

The website that you're on when you see the blue theme is secure. However, the owner of the website did not walk to the trusted organization himself. Instead, he sent a copy of his ID or was verified via his phone. For that, the trusted organization also grants certificate, but not every little detail about the applicant shows up in there. But that's just fine!

Broken Certificate

You won't see the purple theme very often.

Coming back to our conversation metaphor, the purple theme only pops up if parts of the conversation are not secure. This can be a bad thing, because you can't know whether the insecure parts are the ones you actually want to keep secure.

Further, it could mean that someone signed their own certificate. Everyone can do that, but the conversation your browser has with that website can't be understood by anyone else.

So, be somewhat cautious about what you do on those sites, but in general it's nice to see the site is trying to establish a secure conversation with you.

Insecure Connection

The red theme is our party pooper.

Unfortunately, you will see the red theme quite often (you might even see it right now). Is it a bad thing? It depends on what you do on those sites that show you the red theme. Try not to type anything into this website that you would not be willing to shout out loud in a room full of nosy neighbors. That includes for example passwords, email addresses or bank account numbers.

Sometimes a site that makes Firefox show you the red theme first becomes a good site and leads you to the blue or even the green theme after you click on certain of links in it.

In the picture above, you see that even one of the most popular sites on the entire world wide web will produce a red theme. But once you click on "Sign in" (of course before you have entered a password), it will turn blue:

Sometimes, insecure connections become secure.

Who made SSLPersonas?

SSLPersonas was programmed by a guy named Tobi Seitz. You can write him an email if there's something you need to talk about.

How can I contribute to SSLPersonas

You can either start coding with Tobi on GitHub, or become a nicer person today and donate some bucks for a coffee or two. It just so happens that right here is a super handy donate button: