Following the EFF's recent missive on HTTPS protocol security and the numerous ways in which persistent attackers can work around it to compromise website traffic and data, we're developing a list of ways in which we can go above and beyond standard HTTPS encryption to guard against persistent attacks. What are the most effective tactics we should consider?