EFF has announced the progressive withdrawal of HTTPS Everywhere, an extension that first came to Firefox and then to other browsers increasing internet security since it allowed to encrypt the communications between browsers and websites at a time when the HTTPS protocol had not yet been widely adopted.
Today it is common for data transfers between browsing clients that we use on a daily basis to connect with websites to occur in a secure manner through the use of the Secure hypertext transfer protocol o HTTPS and its encrypted channel under the security provided by the TLS transport layer.
A decade ago the situation was very different and most communications were transferred via Unencrypted HTTP that left the information vulnerable to eavesdropping, interception and alteration.
HTTPS Everywhere is here
To solve what was a monumental problem and improve the security of networks and especially the Internet, the Electronic Frontier Foundation created in 2010 in collaboration with the TOR project a browser plugin which essentially automatically forced websites to use HTPPS connections. Free and open source, it became tremendously popular and millions of users used it first in Firefox and then in the rest of the main browsers where it ended up being published.
Today, most browsers are capable of doing what the HTTPS Everywhere extension has been doing for over a decade. In fact, the goal of it it was to become redundant. This would mean a world of Internet connections where HTTPS is easily accessible and so widely available that users do not need an additional extension in browsers.
The moment has arrived. It is estimated that 87% of all Internet sites today support HTTPS connections and, in addition, all major browsers (Chrome, Firefox, Edge and Safari) have a native “HTTPS-only” mode that loads pages only through secure connections.
Seeing this growing trend and the rise in HTTPS adoptions, the EFF is preparing to discontinue this add-on, although will keep it in 2022 in ‘maintenance mode’ to support users and partners to make the transition. Other browsers like Brave have used HTTPS redirects provided by the HTTPS Everywhere rule set list for years.
Nowadays, where, fortunately, encrypted links are used massively between browsers and web servers, we may not remember the great utility of this add-on, which generally improved the security of the network of networks.
