Piigeon

Piigeon is a Firefox extension that records whether websites protect your username and password when you sign in. For most sites, the cursor will change, telling you whether your login is encrypted or if it could instead be intercepted. Over time a report of your password safety is created.

Frequently Asked Questions

How do I install Piigeon?

Click on the download link on our Home/About page and then click "Allow" to install the plugin. Alternatively, saving the .xpi file and running it locally also works. Enjoy Piigeon!

How do I use Piigeon?

As you are signing into a website, when hovering over the Login button or focusing on the password box, the cursor will change to help you understand that site's behavior.

screenshot of the Piigeon report window
A screenshot of Facebook's login page, which sends your username and password with HTTPS encryption. This method protects your username and password so that they are only seen by the site to which you are logging in.
screenshot of the Piigeon report window
A screenshot of Tumblr's login page, which sends your username and password without HTTPS encryption. This method is less safe, possibly allowing your username and password visible to eavesdroppers including other users on insecure wireless networks, hotspot operators, and ISPs.

If Piigeon is unable to determine if your password is safe or not it will show a orange icon.

Piigeon also repeats in this information on the status bar as you hover over the login button.

How do I use the Piigeon report?

screenshot of the Piigeon report window

The Piigeon report (shown at right) displays a report of all of the sites you have visited. In order it displays:

This information in total allows you to look at your browsing patterns over time, note locations that you may see as more unsafe, and watch if your passwords are frequently shared between sites with and without encryption.


I'm using Firefox 4 and can't access the report. Where do I find it?

Click on the Firefox menu in the top left corner, click on Options, then click on Add-on Bar. The Piigeon icon will be displayed at the bottom right corner of the screen. Right-click the icon to access the report.

What if I want to use a site that is unsafe?

Many people may have accounts on sites that do not use encryption. To continue to use these services, we recommend that you use a password that is different from your other passwords, particularly passwords for sites that have sensitive personal or financial information. Also, to further protect yourself, log in only from networks that you trust, such as those connected to your home and work computers, or use a VPN (Virtual Private Network). Do not log in from coffee shops, hotels, or airports, which often have publicly shared wireless networks.

How is Piigeon different from the lock icon in my browser?

The padlock tells you whether loading the current page was protected with HTTPS encryption, but it does not tell you whether the next page will be protected. It is common for sites to have unprotected login pages that are followed by protected logins, but it is not easy to check this ahead of time without Piigeon. Similarly, sites can have protected pages that are followed by unprotected logins, though this is unusual and will often be accompanied by a browser warning message or broken padlock.

Help! Piigeon isn't working on my computer

If something is wrong with Piigeon, first check for updates, under Tools > Add-ons > Find Updates. If this does not want to work, you may want to uninstall it, and reinstall a new version. If this still doesn't work, go to Firefox profile folder and delete the ********/extensions/piigeon@cs.washington.edu/ folder where ******** is your profile id.

If this still doesn't work please post on our forum.

Why doesn't Piigeon track other form information, do this new thing I want, or make me coffee?

We are still actively developing Piigeon. If you find any bugs, want any new features, or have any other suggestions, again please post on our forum.