The Electronic Frontier Foundation (EFF) says that it plans on deprecating it’s HTTPS Everywhere extension.
With so much depressing news happening lately, it’s nice to have a chance to report on something positive. The Electronic Frontier Foundation (EFF) has announced that it will deprecate their HTTPS Everywhere extension. The reason is that HTTPS is now essentially everywhere now.
HTTPS is an added layer over HTTP. What it essentially guards against is snooping and certain kinds of man in the middle attacks. HTTP communication is unencrypted and can be read by third parties easily. HTTPS encrypts this communication, making it harder for users to be spied upon while they browse the web. A more detailed description can, of course, be found on Wikipedia.
In the earlier days, HTTPS was really meant for digital transactions. Things like banks and shopping online was generally recommended to be handled with HTTPS encryption. That way, financial details would be secure. For general browsing for, say, free news articles or your standard web forum, HTTPS was considered overkill on the security front. However, as governments from around the world became more interested in snooping on the web, more and more came to the conclusion that the rest of the web should consider HTTPS. Some still believe that simple browsing of the web doesn’t really need HTTPS of course, but those voices increasingly became a minority as the push to completely encrypt the web was on.
On Freezenet’s side of things, we knew that this site would eventually need encrypting. While we were developing the site, we had enabling HTTPS on our to-do list. When we actually got to that point in our checklist, web browsers started making HTTPS a standard protocol, considering plain HTTP traffic to be unsecure. This ultimately took some of the thunder away from our move and subsequent announcement back in 2018, but we, nevertheless, enabled it anyway with an unexpected necessity. As anyone who enabled HTTPS knows, it takes a bit of extra coding to ensure that every element is encrypted. A royal pain sometimes, but a problem that can eventually be solved.
Still, to help users get to a more secure web, the EFF created a web extension known as HTTPS Everywhere. The idea is that the extension creates HTTPS encryption on websites where there is none otherwise. The ultimate goal is that the extension would one day be worthless because website owners actually use HTTPS. Now, that day is coming closer with the goal of encouraging owners to encrypt their site seemingly being met. From the EFF:
For more than 10 years, EFF’s HTTPS Everywhere browser extension has provided a much-needed service to users: encrypting their browser communications with websites and making sure they benefit from the protection of HTTPS wherever possible. Since we started offering HTTPS Everywhere, the battle to encrypt the web has made leaps and bounds: what was once a challenging technical argument is now a mainstream standard offered on most web pages. Now HTTPS is truly just about everywhere, thanks to the work of organizations like Let’s Encrypt. We’re proud of EFF’s own Certbot tool, which is Let’s Encrypt’s software complement that helps web administrators automate HTTPS for free.
The goal of HTTPS Everywhere was always to become redundant. That would mean we’d achieved our larger goal: a world where HTTPS is so broadly available and accessible that users no longer need an extra browser extension to get it. Now that world is closer than ever, with mainstream browsers offering native support for an HTTPS-only mode.
With these simple settings available, EFF is preparing to deprecate the HTTPS Everywhere web extension as we look to new frontiers of secure protocols like SSL/TLS. After the end of this year, the extension will be in “maintenance mode.” for 2022. We know many different kinds of users have this tool installed, and want to give our partners and users the needed time to transition. We will continue to inform users that there are native HTTPS-only browser options before the extension is fully sunset.
So, an extension heading into the sunset for many of the right reasons. Since web browsers do offer HTTPS only modes, the EFF also offers short step by step instructions on how to enable HTTPS modes in different browsers. That way, if you still feel the need to use something like HTTPS Everywhere after the plugin is no longer maintained, you can essentially get the same experience moving forward.
One thing is for sure, this was a rather successful project.
Drew Wilson on Twitter: @icecube85 and Facebook.
