Here’s what has changed and why it matters
Data transfers between a web browser and a visiting website should always be secure. Prior to the adoption of Internet encryption, all data was transferred using unencrypted Hypertext Transfer Protocol (HTTP) which makes your information vulnerable to eavesdropping, interception and alteration.
Fortunately, most data on the Internet now uses HTTPS, the secure version of HTTP. And for websites that are still unencrypted, the HTTPS Everywhere extension ensures that every unencrypted transfer is automatically converted to HTTPS.
But what exactly is HTTPS and HTTPS Everywhere? And is the growing awareness of secure internet connections finally bringing HTTPS Everywhere closer to retirement?
What is HTTPS?
You can find HTTPS in the URL field when you try to access a website. This protocol ensures that the website you are trying to reach is secured with an SSL certificate.
Secure Sockets Layer (SSL) protocol is used to establish an encrypted link between two systems such as a browser and a web server. Primarily, SSL ensures that the transfer of data between two entities remains both encrypted and private.
To view SSL certificate details, you can click on the padlock symbol in the browser bar just before the website URL.
What is HTTPS everywhere?
In the past, not all websites invested in SSL certificates and a lot of data was transferred in plain text. Needless to say, there was an urgent need for users to switch to secure data transfers while browsing the internet.
Produced in collaboration between The Tor project and the Electronic Frontier Foundation (EFF) in 2010, HTTPS Everywhere was launched as a must-have solution to this growing problem.
At the time of its release, it helped forward site connections to HTTPS (if websites had an HTTPS option) when users clicked HTTP links or typed website names into their browsers without specifying the prefix. “https: //”. Essentially, HTTPS Everywhere redirects you to the HTTPS version of a website you are trying to visit.
It was first released on Mozilla Firefox, but then the extension became very popular and eventually became part of all mainstream browsers.
The changing attitude towards SSL certificates
When the HTTPS Everywhere extension was first released, most websites did not support HTTPS, or HTTPS adoptions had not yet taken place at the website level.
But over time, Google and Microsoft have worked together to accelerate the adoption of HTTPS and enforce end-to-end encryption on the web. In addition to moving a large number of sites from HTTP to HTTPS, they also launched a built-in HTTPS-only mode that loads pages over secure connections only.
This built-in HTTPS mode has significantly reduced the use of the HTTPS Everywhere extension. After all, why would anyone want to use additional browser extensions (which may have their own security risks) when HTTPS is built right into your browser?
Attitudes regarding encrypted communications have certainly changed and HTTPS is no longer an isolated technology. In fact, at the time of writing, it is currently estimated that 86.6 percent of all websites support HTTPS connections.
But does that mean the HTTPS Everywhere extension is about to retire?
Is HTTPS Everywhere Retiring Now?
The end goal of HTTPS Everywhere was to become redundant. This would mean a world of internet connections where HTTPS is so easily accessible and widely available that users no longer need an additional browser extension.
With mainstream browsers offering native support for HTTPS-only mode, that moment has finally arrived.
Most browsers these days are capable of doing what the HTTPS Everywhere extension has been doing for over a decade. Seeing this growing trend and the increase in HTTPS adoptions, the EFF has finally made a announcement that it will retire its HTTPS Everywhere browser extension in 2022.
The four major consumer browsers (Microsoft Edge, Apple Safari, Google Chrome, and Mozilla Firefox) now natively provide automated upgrades from HTTP to HTTPS.
Enable HTTPS mode only
The Internet encryption landscape has changed dramatically over the years since the inception of the HTTPS Everywhere extension.
Now that the HTTPS Everywhere browser extension is retiring in 2022, it is better to enable HTTPS only mode in your browsers. It will not only give you peace of mind against spy attacks, but also protect your passwords, credit card and other personal information from hackers.
While HTTPS Everywhere itself may soon be retiring, HTTPS is now everywhere and here to stay!
What makes HTTPS, the secure version of the Internet Protocol, so secure? Does it really take care of your personal information?
About the Author