Mozilla decides to restrict its new Firefox update and features to HTTPS-encrypted sites. Is this a good move or a little too soon?
Even though Mozilla’s popularity has declined in the past few years, mainly due to the company’s snail’s pace to adapt to new tech, “for example, Mozilla promptly implemented WebRTC, however, it remained cumbersome to use for a very long time, requiring developers to set up a fake audio or video stream in order to even initiate a DataChannel,” the once flaming web browser still cares about the safety of its loyal users and still wants to make the internet a better, safer place for everyone. Last Thursday, Mozilla announced that it will restrict the new Firefox update and features to websites using HTTPS encryption only as a step forward to fortify internet security.
In a blog post issued last Thursday, Mozilla explained:
“There’s pretty broad agreement that HTTPS is the way forward for the web. In recent months, there have been statements from IETF, IAB (even the other IAB), W3C, and the US Governmentcalling for universal use of encryption by Internet applications, which in the case of the web means HTTPS.”
HTTPS is a commonly used protocol to encrypt connection, however, it isn’t the default connection. This is why Mozilla is limiting its new Firefox update and features to HTTPS in hope to standardize and encrypt connections to make the web a more secure environment.
“There’s pretty broad agreement that HTTPS is the way forward for the web,” wrote Mozilla’s Firefox security leader Richard Barnes. “Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web.”
Mozilla’s plan for the new HTTPS-restricted Firefox update
Team Mozilla has gone through extensive discussions on how they’re going to move forward their new strategy to make the new Firefox update and features limited to secure websites only, using HTTPS certificates.
The first point the company has agreed on is setting a specific date for all new updates and features to be successfully available only for HTTPS sites.
Firefox Security Lead Richard Barnes in a blog post declared:
” For the first of these steps, the community will need to agree on a date, and a definition for what features are considered “new”. For example, one definition of “new” could be “features that cannot be polyfilled”. That would allow things like CSS and other rendering features to still be used by insecure websites, since the page can draw effects on its own (e.g., using <canvas>). But it would still restrict qualitatively new features, such as access to new hardware capabilities.”
The second approach will be to get rid of features and elements that pose as security threats to the user’s online privacy. Barnes continued:
“The second element of the plan will need to be driven by trade-offs between security and web compatibility. Removing features from the non-secure web will likely cause some sites to break. So we will have to monitor the degree of breakage and balance it with the security benefit. We’re also already considering softer limitations that can be placed on features when used by non-secure sites. For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website. There have also been some proposals to limit the scope of non-secure cookies.”
Nonetheless, it has been stated when exactly will this new Firefox update will be released and many of tech-heads are waiting to see the fruitful results of this approach.