Data transfers between a web browser and a visiting website should always be secure. Before internet encryption was adopted, all data was transferred using the unencrypted HTTP (Hypertext Transfer Protocol) that leaves your information vulnerable to eavesdropping, interception, and alteration.
Fortunately, most data over the internet now uses HTTPS, the secure version of HTTP. And for those websites that are still unencrypted, the HTTPS Everywhere extension ensures that each unencrypted transfer is automatically converted to HTTPS.
But what exactly is HTTPS and HTTPS Everywhere? And is the growing awareness towards secure internet connections finally bringing HTTPS Everywhere close to retirement?
What Is HTTPS?
You can find HTTPS in the URL field when you are trying to reach a website. This protocol guarantees that the website you are trying to reach is secured by an SSL certificate.
The Secure Sockets Layer (SSL) protocol is used for establishing an encrypted link between the two systems such as a browser and a web server. Primarily, SSL ensures that the data transfer between two entities remains both encrypted and private.
To view the SSL certificate details, you can click on the padlock symbol on the browser bar right before the website URL.
What Is HTTPS Everywhere?
In the past, not all websites invested in SSL certificates, and a lot of data was transferred in plain text. Needless to say, there was a dire need for users to be switched to secure data transfers while browsing the internet.
Produced as a collaboration between The Tor Project and the Electronic Frontier Foundation (EFF) in 2010, HTTPS Everywhere was launched as the much-needed solution for this growing problem.
At the time it was released, it helped transfer site connections to HTTPS (if the websites had an HTTPS option available) when users clicked on HTTP links or typed website names in their browser without specifying the “https://” prefix. Essentially, HTTPS Everywhere redirects you to the HTTPS version of a website that you are trying to visit.
It launched first on Mozilla Firefox, but the extension then became vastly popular and eventually became part and parcel of all mainstream browsers.
The Shifting Attitude Towards SSL Certificates
When the HTTPS Everywhere extension first came out, most websites either didn't support HTTPS or HTTPS adoptions had not yet taken place at the website level.
But over time, Google and Microsoft collaborated to expedite HTTPS adoption and enforce end-to-end encryption on the web. Along with moving a huge number of sites from HTTP to HTTPS, they also launched a built-in HTTPS-only mode which loads pages through secure connections only.
This built-in HTTPS mode drastically reduced the usage of the HTTPS Everywhere extension. After all, why would anyone want to use extra browser extensions (that can come with their own security risks) when HTTPS is integrated right into your browser?
Attitudes regarding encrypted communications have certainly changed and HTTPS is not an isolated technology anymore. In fact, at the time of writing, it is estimated that currently, 86.6 percent of all internet sites support HTTPS connections.
But does this mean the HTTPS Everywhere extension is about to retire?
Is HTTPS Everywhere Retiring Now?
The eventual aim for HTTPS Everywhere was to become redundant. That would mean a world of internet connections where HTTPS is so easily accessible and vastly available that users no longer need an extra browser extension.
With mainstream browsers offering native support for HTTPS-only mode, that time has finally arrived.
Nowadays, most browsers are capable of doing what HTTPS Everywhere extension has been doing for over a decade. Seeing this growing trend and rise in HTTPS adoptions, the EFF finally made an announcement that it will retire its HTTPS Everywhere browser extension in 2022.
All four major consumer browsers—Microsoft Edge, Apple Safari, Google Chrome, and Mozilla Firefox—now natively provide automated upgrades from HTTP to HTTPS.
Enable HTTPS-Only Mode
The internet encryption landscape has changed significantly in the years since the inception of the HTTPS Everywhere extension.
Now that the HTTPS Everywhere browser extension will be retiring in 2022, it's best to enable the HTTPS-Only mode in your browsers. It will not only provide you with peace of mind against snooping attacks, but will also keep your passwords, credit card, and other personal information protected from hackers.
While HTTPS Everywhere itself might be retiring soon, HTTPS is now everywhere and here to stay!