HTTPS Everywhere is 10 years old and why it has mattered

One of the things that most worries Internet users is security. One of the activities we do the most is web browsing. More than 10 years ago it was common to visit web pages using HTTP (Hypertext Transfer Protocol). When we use this protocol our data is not encrypted so it is easier for us to be victims of cybercriminals. Fortunately, things have changed a lot and today most of the data on the internet now uses HTTPS which is the secure version of HTTP. In this regard, there were a series of measures that made it easier to do so. In this article we are going to talk about HTTPS Everywhere that has turned 10 years old and why it has been important.

HTTPS Everywhere is 10 years old

What are HTTPS and HTTPS Everywhere

When we try to access a website on many occasions we find HTTPS in the address bar of our browser. This protocol will guarantee that the web page we are trying to access is protected by an SSL certificate and that point-to-point communication is encrypted. In case you don’t know, the Secure Sockets Layer (SSL) protocol, which is now called TLS in its different versions, is used to establish an encrypted link between the two systems, such as a browser and a web server. Thanks to the TLS protocol, it is guaranteed that the data transfer between two entities remains encrypted and private.

In the event that we want to know the details of the certificate, we will click on the padlock icon just before the URL of the website that we have in the browser’s address bar. You may be interested in knowing the SSL, TLS and HTTPS protocols and what their differences are.

On the other hand, HTTPS Everywhere is a free and open source browser extension whose purpose is to automatically make web pages use an HTTPS connection instead of HTTP. It was made thanks to a collaboration between The Tor Project and Electronic Frontier Foundation (EFF) in 2010. Their way of working is that in those web pages that are not yet encrypted by default using HTTPS, the HTTPS Everywhere extension allows forcing the connection with HTTPS if the web server supports it.

At launch, if an HTTPS version was available when users clicked HTTP links, HTTPS Everywhere redirects you to the HTTPS version of the web page we wanted to visit. The first to receive it was Mozilla Firefox, and then they have been added to Google Chrome, Opera, Tor Browser and Microsoft Edge.

How the situation has improved

At the time the HTTPS Everywhere extension came into use, most web pages did not support HTTPS. Fortunately, with the passage of time, thanks to the work of Google and Microsoft, it was possible to collaborate to accelerate the adoption of HTTPS and enforce end-to-end encryption on the web. This made it possible to move a large number of pages from HTTP to HTTPS, and in addition, they featured a built-in HTTPS-only mode that loaded pages only over secure connections.

Thus, this integrated HTTPS mode drastically reduced the use of the HTTPS Everywhere extension. On the other hand, attitudes towards communications have changed a lot thanks to the encryption offered by protocols such as HTTPS. This change shows that today 86.6% of all Internet sites already allow HTTPS connections . If you are interested in browsing privately, you can use DNS over HTTPS.

Does HTTPS Everywhere have a future?

The long-term problem HTTPS Everywhere had was becoming redundant. Right now HTTPS connections are so easily accessible and available that Internet users no longer need an additional browser extension.

In this regard, conventional browsers already offer native support for HTTPS. Thus, most browsers are capable of doing what this extension has already done for more than a decade. Seeing this growing trend and the increase in HTTPS adoptions, the EFF finally announced that it will retire its HTTPS Everywhere browser extension in 2022. The top four major browsers which are Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari already offer automatic updates natively from HTTP to HTTPS.

Enable HTTPS only mode

The internet encryption landscape has changed a lot in the years since the HTTPS Everywhere extension appeared. As we have already mentioned, this extension will be withdrawn in 2022, and therefore it would be a good idea to enable HTTPS only mode in our browsers. In addition to providing us with greater security against espionage attacks, it will also keep our passwords, credit cards and other confidential information away from cybercriminals.

Lastly, although HTTPS Everywhere will be retired soon, HTTPS is now everywhere and is here to stay and also to protect us.