Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Mozilla Looks to Phase Out Unencrypted Web

    By
    Guest Author
    -
    May 7, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Mozilla Firefox

      By Matthew Broersma

      Mozilla is looking to formally phase out Websites that don’t rely on the secure SSL or TLS protocols, in a move that has ignited controversy amongst Web developers.

      “Today we are announcing our intent to phase out non-secure HTTP,” said Firefox security lead Richard Barnes in a blog post. “There’s pretty broad agreement that HTTPS is the way forward for the Web.”

      HTTPS, or HTTP Secure, refers to Websites that use the Web’s standard hypertext transfer protocol, or HTTP, in combination with the SSL or TLS encryption techniques.

      Barnes referred to recent statements by organizations including the U.S. government calling for the universal use of encryption, and said that Mozilla will begin limiting the features offered to Websites that don’t deploy it.

      “Mozilla is committing to focus new development efforts on the secure Web, and start removing capabilities from the non-secure Web,” Barnes stated.

      A key point will be to set a date by which all new features will be available only to encrypted Websites, followed by a gradual phase-out of access to browser features that don’t use encryption, particularly “features that pose risks to users’ security and privacy,” Barnes said.

      Firefox has backed the spread of Web encryption through efforts such as Let’s Encrypt, which it co-sponsored last November, and which aims to provide free TLS certificates to any domain name owner, along with management tools.

      However, a strategy that would phase out the browser features available to non-encrypted Websites faces significant hurdles, primarily because, as Barnes acknowledged, it would mean that many Websites would stop working properly.

      Broken sites

      “Removing features from the non-secure Web will likely cause some sites to break,” he wrote. “So we will have to monitor the degree of breakage and balance it with the security benefit.”

      The move would mean an inconvenience to many, since it would ultimately require anyone running a Website or any kind to deploy encryption tools—something that remains complex, in spite of the existence of programs such as Let’s Encrypt. The move would also mean that, for instance, a Web application running or being tested on a company’s internal network would need to be encrypted in order to work properly in Firefox.

      However, some developers have opposed the move in principle, since it would limit Web publishing to those with the means to deploy encrypted Websites.

      That would seem to run against the values of the “Open Web” movement, of which Mozilla is a prominent advocate, according to developer Sven Slootweg, a backer of widespread encryption.

      “I believe that this decision is harmful to the open Web,” he wrote in a blog post. “Introducing forced TLS would create an imbalance between those who have the money and means to purchase a certificate (or potentially many certificates), and those who don’t… Isn’t the point of an ‘open Web’ that the same features are available to everybody, regardless of financial means or other qualifications?”

      ‘Open Web’

      He added that it would be wrong to shift developers toward universal Web encryption when the mechanisms currently in place have “fundamental” weaknesses, as has been illustrated by recent security slip-ups involving major companies such as Microsoft and Google.

      “There are fundamental problems with the way TLS is currently deployed in practice, problems that absolutely need solving before a forced global deployment of TLS can happen,” Slootweg wrote.

      Mozilla argued the discussion should now focus on what features should be blocked for unencrypted Websites, noting that some are already limited.

      “Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure Website,” Barnes wrote. “There have also been some proposals to limit the scope of non-secure cookies.”

      He added that the proposed phase-out is intended to “send a message” about security.

      “The goal of this effort is to send a message to the Web developer community that they need to be secure,” Barnes wrote.

      Guest Author

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×