In case you have been living under a rock for the past few decades (a rock without broadband), you probably know that the Internet can be a pretty insecure place. Not insecure like in its confidence, but insecure in a way that can cause you some serious privacy issues when surfing the Web.
The Hypertext Transfer Protocol (HTTP) is the standard application protocol that the World Wide Web uses to distribute information. It moves information between links — between you and the websites you want to access — and it moves that information in a plain text format. Therefore, if someone was to spy on that information, it would be readable. That includes everything from the contents of a Web page to the credit card information you just submitted to pay for goods.
HTTPS is the secure form of that protocol, and it works by layering the HTTP information with encryption such as SSL or TLS. In short, it makes that plain text unreadable by anyone who doesn’t have the key to the information. When you use HTTPS on Amazon, for instance, your credit card information is hidden to everyone except you and Amazon. Considering the inherent danger in having someone use your personal information, the use of HTTPS can be a great thing.
The most high-level news related to HTTPS that’s now moving along the Web is the announcement from the Mozilla Security Blog that the developers of the Firefox Web browser want to deprecate the use of non-secure HTTP.
“There’s pretty broad agreement that HTTPS is the way forward for the web,” the blog post begin.
“After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure Web, and start removing capabilities from the non-secure Web.”
Mozilla said it will begin by setting a date for when certain features in the Firefox browser will only be available to HTTPS-driven sites and that it will phase out access to browser features for non-secure websites.
Before you get into a fit, this does not mean that all of the insecure Web will be unusable. There are many parts of the Internet that are inherently secure because they simply do not pose a threat in the first place. If you are reading plain text in a browser without Javascript turned on, for instance, you probably won’t stumble across any malicious code that will harm your computer or invade your privacy.
However, to reiterate, if you post your credit card information or any other personally-identifying information, you could be at risk. The Mozilla blog as implies that computer accessories such as microphones and cameras could be inherently insecure. The post says specifically that your browser could still draw elements on the screen, but it would not allow for HTTP to access a microphone or webcam.
While more experienced readers here may have had their own struggles with HTTPS, including the headache of trying to setup their own websites with a security certificate, there has been progress made in that arena. The nearly-here Let’s Encrypt will allow you to easily install software which will manage a certificate for your own site, and the established StartSSL already offers basic security certificates for free. They used to be must more expensive and harder to install. Those days are moving behind us.
The use of HTTPS is a good idea, but it is not without challenges. There is support for this trend from other organizations such as Google which enabled a features in its Chrome browser that warns users about insecure connections. There is also clearly help from groups such as Let’s Encrypt and StartSSL. There is no set date on the Mozilla blog post about when features could begin to disappear, but its weight as a major browser could sway more individuals and organizations to secure their sites.
