A number of internet organizations and even the government want websites to use encryption by default in the future, and from the sound of it, Mozilla shares their view. The non-profit has announced that it plans to limit the capabilities of “the non-secure web” (aka websites that don’t use HTTPS) in order to encourage more widespread use of encryption. Mozilla has a two-element approach in place. One element is making all new features of the Firefox browser and its other products available only to secure websites once a certain date is reached. The org will consult its users, just as it did before it ultimately decided it wants to stop supporting unencrypted sites in the long run, not only to pinpoint that date but also to decide which features are considered “new” by that time.
The other element is to gradually phase out “access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.” Mozilla knows that this will cause many websites to break in its browser, though, so it promises to monitor the situation and attempt to strike a balance. We’ll likely hear more about the plan after the org submits its proposals to the W3C WebAppSec Working Group and when implementation begins. For now, you can read more about Mozilla’s plan on its Security Blog.