Firefox-maker Mozilla takes steps to make web surfing more secure
Mozilla, the maker of the Firefox web browser, said it would phase out a commonly used but insecure kind of web protocol to prevent hackers and governments from spying on users.
The non-profit developer community said it would eventually stop supporting non-secure HTTP, or hypertext transfer protocol, for exchanging data on the web. Instead, it plans to switch over to “HTTPS,” an encrypted version of the protocol that ensures better privacy and security for users.
HTTPS has been gaining support in a number of corners lately including the United States’ government. Other organizations, like the Electronic Frontier Foundation, have been pushing a wide array of Internet services and websites to adopt the technology amid heightened worries about security in the wake of revelations by National Security Agency-whistleblower Edward Snowden about government spying.
Mozilla security lead Richard Barnes and his colleague Martin Thomson drafted a document outlining the move and its rationale. “The web needs to stop using insecure HTTP and move to HTTPS,” they write. “We should begin making it less appealing to deploy new things over HTTP, in order to create incentives for HTTPS adoption.”
After initiating a public email thread in mid-April, Barnes announced that Mozilla is pressing forward with a plan to phase out the protocol. The community must next figure out a deadline after which new features will be available only for secured websites and also when access to browser features for non-secured websites will be taken offline. As Barnes writes on the Mozilla security blog:
Since the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community. We expect to be making some proposals to the W3C WebAppSec Working Group soon. [Editor’s note: that W3C group helps with improving the security of the web.]
Currently, about 30% of the Internet traffic in North America is protected with HTTPS encryption. That share is projected to increase to more than two-thirds by the end of 2016 as video streaming service Netflix begins encrypting all of its traffic over the next couple of years.
Earlier Thursday the Canadian networking equipment company Sandvine released a report predicting that more than half of the world’s Internet traffic will be secured with encryption by the end of this year.
For more about cyber security, watch this Fortune video: