The plugin, which came out of beta today, works with a list of sites that support HTTPS but may be doing so in an incomplete or limited fashion. If a site defaults to unencrypted HTTP or links to unencrypted pages, the plugin rewrites those requests so that true HTTPS is used. It currently works with a number of big sites, including Google Search, Wikipedia, Twitter, Facebook, bit.ly, PayPal and all WordPress.com blogs.
HTTPS -- or Hypertext Transfer Protocol Secure -- combines HTTP and the Secure Sockets Layer/Transport Layer Security protocol to encrypt data and communication over the Internet. Its 128- to 256-bit encryption is extremely secure and highly resistant to intrusions from third parties.
As the EFF explains on its website:
Sadly, many sites still include a lot of content from third party domains that is not available over HTTPS. As always, if the browser's lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis. However, the effort that would be required to eavesdrop on your browsing should still be usefully increased.
The HTTPS Everywhere plugin is a GNU-licensed open source project, so developers can dig in and write their own rulesets and help test new features.
It comes as part of the EFF's broader "HTTPS Now" initiative, which we covered back in April. The goal of the campaign is to increase awareness and support for SSL-encrypted browsing.
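To make the ruleset-driven rewriting described above concrete, here is an added JavaScript sketch (not the plugin's own code). The ruleset shape, the `example.org` hosts and the function names are assumptions made for illustration; `auditPage` shows the mixed-content case from the EFF quote, where third-party resources with no matching rule stay on plain HTTP.

```javascript
// Constructed ruleset (hypothetical hosts): target hosts, regex rewrites,
// and exclusions for paths known to break over HTTPS.
const RULESETS = [{
  name: "Example (constructed)",
  targets: ["example.org", "*.example.org"],
  exclusions: [/^http:\/\/legacy\.example\.org\//],
  rules: [
    { from: /^http:\/\/(www\.)?example\.org\//, to: "https://www.example.org/" },
    { from: /^http:\/\/([a-z]+)\.example\.org\//, to: "https://$1.example.org/" },
  ],
}];

// "*.example.org" matches any subdomain; a bare name matches exactly.
function hostMatches(host, target) {
  return target.startsWith("*.") ? host.endsWith(target.slice(1)) : host === target;
}

// Returns the HTTPS URL if a rule applies, otherwise the original URL unchanged.
function rewriteUrl(rawUrl, rulesets = RULESETS) {
  let url;
  try { url = new URL(rawUrl); } catch { return rawUrl; }
  if (url.protocol !== "http:") return rawUrl; // already HTTPS, or not web traffic
  for (const rs of rulesets) {
    if (!rs.targets.some((t) => hostMatches(url.hostname, t))) continue;
    if (rs.exclusions.some((re) => re.test(url.href))) return rawUrl;
    for (const { from, to } of rs.rules) {
      const candidate = url.href.replace(from, to);
      // Accept only rewrites that actually land on HTTPS; a faulty rule must
      // never redirect a request to another plaintext URL.
      if (candidate !== url.href && candidate.startsWith("https://")) return candidate;
    }
  }
  return rawUrl; // site is not on the list
}

// Rewrites every resource a page requests and reports what stays on HTTP:
// the mixed-content case the EFF quote describes (broken lock icon).
function auditPage(resourceUrls, rulesets = RULESETS) {
  const rewritten = resourceUrls.map((u) => rewriteUrl(u, rulesets));
  return {
    rewritten,
    stillPlaintext: rewritten.filter((u) => u.startsWith("http://")),
  };
}
```

A non-empty `stillPlaintext` list is the signal that the page is only partially protected, however many first-party requests were upgraded.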