[TheRecord] EFF to deprecate HTTPS Everywhere extension as HTTPS is becoming ubiquitous

The Electronic Frontier Foundation said it is preparing to retire the famous HTTPS Everywhere browser extension after HTTPS adoption has picked up and after several web browsers have introduced HTTPS-only modes.

“After the end of this year, the extension will be in ‘maintenance mode’ for 2022,” said Alexis Hancock, Director of Engineering at the EFF.

Maintenance mode means the extension will receive minor bug fixes next year but no new features or further development.

No official end-of-life date has been decided, a date after which no updates will be provided for the extension whatsoever.

Launched in June 2010, the HTTPS Everywhere browser extension is one of the most successful browser extensions ever released. The extension worked by automatically switching web connections from HTTP to HTTPS if websites had an HTTPS option available. At the time it was released, it helped upgrade site connections to HTTPS when users clicked on HTTP links or typed domains in their browser without specifying the “https://” prefix.

The extension reached cult status among privacy advocates and was integrated into the Tor Browser and, after that, in many other privacy-conscious browsers.

Progress in HTTPS adoption

But since 2010, HTTPS is not a fringe technology anymore. Currently, around 86.6% of all internet sites support HTTPS connections.

Browser makers such as Chrome and Mozilla previously reported that HTTPS traffic usually accounts for 90% to 95% of their daily connections.

But efforts to improve HTTPS adoption have not taken place at the website level. Since 2020, several major browser makers have launched HTTPS-only modes, where the browser will try to upgrade the connection from HTTP to HTTPS on its own or show an error message to users if an HTTPS connection is not found — doing natively what HTTPS Everywhere has been doing for more than a decade.

HTTPS-only modes are now available in Mozilla FirefoxGoogle ChromeMicrosoft Edge, and Apple Safari. Instructions on how to enable each of these modes are available below:

Firefox:

Preferences > Privacy & Security > (Scroll to Bottom) Enable HTTPS-Only Mode

Chrome:

Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections”

Edge:

Visit edge://flags/#edge-automatic-https and enable Automatic HTTPSHit the “Restart” button that appears to restart Microsoft Edge.

Safari:

No action is required. Safari will attempt to auto-upgrade all HTTP connections to HTTPS by default. Behavior added in Safari 15, released in September 2021.

In a report published in March 2021 analyzing the rollout of its HTTP-Only Mode, Mozilla said that Firefox upgraded HTTP to HTTPS traffic only for 3.5% of the web pages that its users tried to access.

The browser maker said that 92.8% of web pages were already loading via HTTPS connections, a sign that HTTPS was now ubiquitous and a reason why the EFF is now preparing to sunset one of its most successful open source projects.

Image: Mozilla

The post EFF to deprecate HTTPS Everywhere extension as HTTPS is becoming ubiquitous appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations

All posts, Security Week

Newly published guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) provides critical infrastructure organizations with instructions on how to prepare for and mitigate foreign influence operations. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ESET] Week in security with Tony Anscombe

All posts, ESET feed

ESET researchers analyze malware frameworks targeting air-gapped networks – ESET Research launches a podcast – INTERPOL cracks down on online fraud The post Week in security with Tony Anscombe appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[TheRecord] Meet the man who sued an Indian state over police facial recognition technology

Hyderabad, India—During the second wave of the pandemic in May 2021, social activist SQ Masood was riding his motor scooter back home with his father-in-law in tow. But as he navigated his silver-colored two-wheeler through the narrow lanes of Shahran, a Muslim-dominant neighborhood in the southern Indian city of Hyderabad, he said he was pulled […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.