[The security box] Electronic Frontier Foundation will deprecate HTTPS Everywhere plugin

Jennifer Martinez reignblessing at yahoo.com
Wed Oct 6 13:32:58 EDT 2021 

Ok. I'm going to play stupid for a minute. What is depreciate? Is it not to make something worth less? Obsolete? Or worthless, as in zero value? What exactly...how exactly will this impact internet travel to the current http(s)? What is http anyway? Does anyone know what http(s)...what does it actually stand for? I know html stands for hyper-text-media-link? What then is http? Hyper-text-telecommunication-portal? Is that right? Anyone know for sure? 
Jen

Sent from Yahoo Mail on Android 
 
  On Tue, Oct 5, 2021 at 7:29 PM, Michael Brock via Thesecuritybox<thesecuritybox at 986themix.com> wrote:   
Electronic Frontier Foundation will deprecate HTTPS Everywhere plugin
Ars Technica  /  Jim Salter
 All four major browsers have duplicated HTTPS Everywhere functionality natively.  Enlarge / We had trouble even finding HTTPS statistics earlier than 2016—but even in 2016, fewer than one in four websites were delivered via HTTPS. 
Last week, the Electronic Frontier Foundation announced that it will deprecate its HTTPS Everywhere browser plugin in 2022. Engineering director Alexis Hancock summed it up in the announcement's own title: "HTTPS is actually everywhere."

The EFF originally launched HTTPS Everywhere—a plugin that automatically upgrades HTTP connections to HTTPS—in 2010 as a stopgap measure for a world that was still getting accustomed to the idea of encrypting all web-browser traffic.

When the plugin was new, the majority of the Internet was served up in plaintext—vulnerable to both snooping and manipulation by any entity that could place itself between a web-browsing user and the web servers they communicated with. Even banking websites frequently offered unencrypted connections! Thankfully, the web-encryption landscape has changed dramatically in the 11 years since then.

We can get some idea of just how far the protocol has come by looking at HTTP Archive's State of the Web report. In 2016—six years after HTTPS Everywhere first launched—the HTTP Archive recorded encrypted connections for fewer than one site in every four it crawled. In the five years since, that number has skyrocketed—as of July, the Archive crawls nine of every 10 sites via HTTPS. (Google's Transparency Report shows a similar progression, using data submitted by Chrome users.)

Although the increased organic HTTPS adoption influenced the EFF's decision to deprecate the plugin, it's not the only reason. More importantly, automated upgrade from HTTP to HTTPS is now available natively in all four major consumer browsers—Microsoft Edge, Apple Safari, Google Chrome, and Mozilla Firefox.

Unfortunately, Safari is still the only mainstream browser to force HTTPS traffic by default—which likely informed the EFF's decision to retire HTTPS Everywhere until next year. Firefox and Chrome offer a native "HTTPS Only" mode that must be user-enabled, and Edge offers an experimental "Automatic HTTPS" as of Edge 92.

If you'd like to enable HTTPS Only/Automatic HTTPS natively in your browser of choice today, we recommend visiting the EFF's own announcement, which includes both step-by-step instructions and animated screenshots for each browser. After enabling your browser's native HTTPS upgrade functionality, you can safely disable the soon-to-be-deprecated HTTPS Everywhere plugin.

Listing image by Rock1997 / Wikipedia
 

Original Article: https://arstechnica.com/?p=1798812

Michael BrockThank you for subscribing to the Security Box email list.  If you need list management options, please see the link for a section to log in, manage your subscription, and possibly other options that may be of interest.

Need help?  write the owner, and the owner will get back to you as quickly as possible.  Be clear on what you need.

Thanks for subscribing!

-- 
Thesecuritybox mailing list
Thesecuritybox at 986themix.com
http://mail.986themix.com/mailman/listinfo/thesecuritybox_986themix.com
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.986themix.com/pipermail/thesecuritybox_986themix.com/attachments/20211006/984caafa/attachment-0001.htm>

More information about the Thesecuritybox mailing list