Electronic Frontier Foundation to deprecate the HTTPS Everywhere plugin
Last week the Electronic Frontier Foundation announcement that it will deprecate its HTTPS Everywhere browser connect in 2022. Engineering Director Alexis Hancock summed it up in the headline of the ad: “HTTPS is actually everywhere. “
The EFF at the origin spear HTTPS Everywhere, a plug-in that automatically upgrades HTTP connections to HTTPS, in 2010 as an interim measure for a world still getting used to the idea of encrypting all web browser traffic.
When the plug-in was new, the majority of the internet was delivered in clear text, vulnerable to both snooping and manipulation by any entity that could come between a user browsing the web and the web servers with which he communicated. Even banking sites frequently offered unencrypted connections! Fortunately, the landscape of web encryption has changed dramatically over the next 11 years.
We can get an idea of how far the protocol has come by looking at the web state of HTTP Archive. report. In 2016, six years after the first launch of HTTPS Everywhere, the HTTP archive recorded encrypted connections for less than one in four sites it crawled. Over the next five years, that number skyrocketed. As of July, the archives crawl nine out of ten sites over HTTPS. (from Google Transparency report shows a similar progression, using data submitted by Chrome users.)
While the increased adoption of organic HTTPS influenced the EFF’s decision to depreciate the plugin, that’s not the only reason. More importantly, the automated upgrade from HTTP to HTTPS is now natively available in all four major consumer browsers: Microsoft Edge, Apple Safari, Google Chrome, and Mozilla Firefox.
Unfortunately, Safari is still the only mainstream browser to force HTTPS traffic by default, which likely influenced the EFF’s decision to remove HTTPS Everywhere until Following year. Firefox and Chrome offer a native “HTTPS only” mode that must be activated by the user, and Edge offers experimental “automatic HTTPS” from Edge 92.
If you want to enable HTTPS only / Automatic HTTPS natively in your browser of choice today, we recommend that you visit the EFF’s own site. announcement, which includes both step-by-step instructions and animated screenshots for each browser. After enabling your browser’s native HTTPS upgrade feature, you can safely disable the soon-to-be-obsolete HTTPS Everywhere plug-in.
List image by Rock1997 / Wikipedia