The Electronic Frontier Foundation (EFF) is planning to retire the HTTPS Everywhere browser extension because, 10 years on from the release of the plugin, its security mission has been accomplished.
Growing HTTPS adoption and native browser support to enforce HTTPS-only connections are making the plugin redundant.
HTTPS Everywhere – an open source browser extension for Google Chrome, Mozilla Firefox, Microsoft Edge, Opera, Brave, Tor and Firefox for Android or Brave for Mobile – automatically set up a more secure HTTPS connection instead of a HTTP link where sites supported the technology. Users could also block or unblock HTTP-only sites.
‘S’ for security
Forcing usage of HTTPS automatically where possible is nowhere near as necessary as it once was, hence the decision to phase out and retire the HTTPS Everywhere extension by the end of 2022.
Users should enable HTTPS-only mode in their browsers, as explained in a blog post by the EFF yesterday (September 27).
“Thanks to efforts of parties like EFF, Let’s Encrypt and browser vendors, most web traffic is over a secured channel nowadays,” said infosec blogger John Opdenakker in a post typical of the reaction of many in the community on Twitter.
Certificate authority Let’s Encrypt added in the “10 years since they launched it, the internet actually has HTTPS (almost) everywhere. What an exciting milestone!”
Romanian software developer Alex Nedelcu said “Interestingly there are still people thinking HTTPS isn’t needed for all websites, but they are wrong. TLS/SSL connections aren’t useful just for protecting what user sends, but also for signing what the server sends.”
