Mozilla is undertaking a series of steps designed to push the Web toward full encryption under the secure hypertext protocol, which protects user traffic from eavesdroppers.
“There’s pretty broad agreement that HTTPS is the way forward for the Web,” the company said in a blog post Thursday, noting government calls for Web encryption.
{mosads}“After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure Web, and start removing capabilities from the non-secure Web.”
Mozilla, whose trademark product is the Firefox Web browser, plans to set a deadline after which new features will only be available to websites that use the secure protocol.
Additionally, the company will phase out access to Firefox features for nonsecure websites. A timetable for these changes was not announced this week.
Firefox Security Lead Richard Barnes acknowledged that the steps will cause some sites to “break” for Firefox users.
“We will have to monitor the degree of breakage and balance it with the security benefit,” he wrote.
“We’re also already considering softer limitations that can be placed on features when used by non-secure sites,” he added.
“For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website.”
HTTPS is used by major websites, particularly e-commerce sites, as a way to ensure the security of users’ information.
The White House converted its website to HTTPS in March, following the encryption of sites such as HealthCare.gov and FTC.gov. Hundreds of other official government pages do not use the secure protocol.
The Obama administration has made encryption of government websites a priority.
“Unencrypted HTTP connections create a privacy vulnerability and expose potentially sensitive information,” stated a website launched in March to promote the shift.
“Data sent over HTTP is susceptible to interception, manipulation, and impersonation. This data can include browser identity, website content, search terms, and other user-submitted information.”