Last week, the Electronic Frontier Foundation Announced which will disapprove your HTTPS Everywhere browser plug in 2022. Engineering director Alexis Hancock summed it up in the ad’s own title: “HTTPS is everywhere.”
The EFF originally thrown out HTTPS Everywhere, a plugin that automatically updates HTTP connections to HTTPS, in 2010 as a stopgap for a world that was still getting used to the idea of encrypting all web browser traffic.
When the plugin was new, most of the Internet was offered in plain text, vulnerable both to espionage and manipulation by any entity that could be located between a user browsing the web and the web servers with which it communicated . Even banking websites frequently offered unencrypted connections! Fortunately, the landscape of web encryption has changed dramatically in the 11 years since then.
We can get an idea of how far the protocol has come by looking at the state of the HTTP Archive web. report. In 2016, six years after the launch of HTTPS Everywhere, the HTTP Archive recorded encrypted connections for less than one site in four it crawled. In the five years since then, that number has skyrocketed; As of July, the Archive crawls nine out of 10 sites over HTTPS. (Of Google Transparency report shows a similar progression, using data submitted by Chrome users).
Although the increased adoption of organic HTTPS influenced the EFF’s decision to disapprove the plugin, it is not the only reason. More importantly, the automated upgrade from HTTP to HTTPS is now available natively in all four major consumer browsers: Microsoft Edge, Apple Safari, Google Chrome, and Mozilla Firefox.
Unfortunately, Safari is still the only mainstream browser that forces HTTPS traffic by default, which likely informed the EFF’s decision to withdraw HTTPS Everywhere until Next year. Firefox and Chrome offer a native “HTTPS Only” mode that must be enabled by the user, and Edge offers an experimental “Automatic HTTPS” starting with Edge 92.
If you want to enable HTTPS Only / Automatic HTTPS natively in your browser of choice today, we recommend that you visit the EFF itself ad, which includes step-by-step instructions and animated screenshots for each browser. After enabling the native HTTPS update functionality of your browser, you can safely disable the HTTPS Everywhere plugin, which will soon be deprecated.
Image listing by Rock1997 / Wikipedia