[TheRecord] EFF to deprecate HTTPS Everywhere extension as HTTPS is becoming ubiquitous

The Electronic Frontier Foundation said it is preparing to retire the famous HTTPS Everywhere browser extension after HTTPS adoption has picked up and after several web browsers have introduced HTTPS-only modes.

“After the end of this year, the extension will be in ‘maintenance mode’ for 2022,” said Alexis Hancock, Director of Engineering at the EFF.

Maintenance mode means the extension will receive minor bug fixes next year but no new features or further development.

No official end-of-life date has been decided, a date after which no updates will be provided for the extension whatsoever.

Launched in June 2010, the HTTPS Everywhere browser extension is one of the most successful browser extensions ever released. The extension worked by automatically switching web connections from HTTP to HTTPS if websites had an HTTPS option available. At the time it was released, it helped upgrade site connections to HTTPS when users clicked on HTTP links or typed domains in their browser without specifying the “https://” prefix.

The extension reached cult status among privacy advocates and was integrated into the Tor Browser and, after that, in many other privacy-conscious browsers.

Progress in HTTPS adoption

But since 2010, HTTPS is not a fringe technology anymore. Currently, around 86.6% of all internet sites support HTTPS connections.

Browser makers such as Chrome and Mozilla previously reported that HTTPS traffic usually accounts for 90% to 95% of their daily connections.

But efforts to improve HTTPS adoption have not taken place at the website level. Since 2020, several major browser makers have launched HTTPS-only modes, where the browser will try to upgrade the connection from HTTP to HTTPS on its own or show an error message to users if an HTTPS connection is not found — doing natively what HTTPS Everywhere has been doing for more than a decade.

HTTPS-only modes are now available in Mozilla FirefoxGoogle ChromeMicrosoft Edge, and Apple Safari. Instructions on how to enable each of these modes are available below:

Firefox:

Preferences > Privacy & Security > (Scroll to Bottom) Enable HTTPS-Only Mode

Chrome:

Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections”

Edge:

Visit edge://flags/#edge-automatic-https and enable Automatic HTTPSHit the “Restart” button that appears to restart Microsoft Edge.

Safari:

No action is required. Safari will attempt to auto-upgrade all HTTP connections to HTTPS by default. Behavior added in Safari 15, released in September 2021.

In a report published in March 2021 analyzing the rollout of its HTTP-Only Mode, Mozilla said that Firefox upgraded HTTP to HTTPS traffic only for 3.5% of the web pages that its users tried to access.

The browser maker said that 92.8% of web pages were already loading via HTTPS connections, a sign that HTTPS was now ubiquitous and a reason why the EFF is now preparing to sunset one of its most successful open source projects.

Image: Mozilla

The post EFF to deprecate HTTPS Everywhere extension as HTTPS is becoming ubiquitous appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[HackerNews] Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses

All posts, HackerNews

Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers.  Sounds like an exciting career, right?  If the comic-book comparisons aren’t working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The […]

Read More

[BleepingComputer] CISA shares guidance on how to prevent ransomware data breaches

The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. […] Source: Read More (BleepingComputer)

Read More

[BleepingComputer] Critical bug impacting millions of IoT devices lets hackers spy on you

Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek’s Kalay IoT cloud platform. […] Source: Read More (BleepingComputer)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.