Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Prepares To Mark All HTTP Sites 'Not Secure' After HTTPS Adoption Rises (bleepingcomputer.com)

Posted by BeauHD on from the secretly-configured dept.

An anonymous reader quotes a report from Bleeping Computer: The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default, and Mozilla is taking the first steps. The current Firefox Nightly Edition (version 59) includes a secret configuration option that when activated will show a visible visual indicator that the current page is not secure. In its current form, this visual indicator is a red line striking through a classic lock that's normally used to signal the presence of encrypted HTTPS pages. According to Let's Encrypt, 67% of web pages loaded by Firefox in November 2017 used HTTPS, compared to only 45% at the end of last year.

2 of 244 comments (clear)

  1. Re:why does my site need to be secure by Sloppy · · Score: 4, Interesting

    I am generally curious why someone would need EVERY site to be secured by https.

    I can't answer that question, but this..

    What about small businesses who dont offer any downloads or have any contact forms and as such their websites function like a digital flier.

    .. is easy. You don't want ISPs altering the flier. And people may recall, one of the big calls to arms for the whole Network Neutrality thing everyone has been talking about, is that ISPs were altering web replies to insert ads. I've heard Comcast users even say that Comcast still communicates some kinds of things to their customers by just barging into whatever web page a user happens to have loaded, and changing it to include a message from Comcast. (Because apparently email is too hard.)

    MitM can't only snoop; they can also change things.

    Examples involving intranets, though, I can't possibly get into Firefox's head. I am pretty sure whatever reason they come up with, will be bullshit. But I guess I ought to hear 'em, first...

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  2. And yet firefox hides http:// by default.. by Anonymous Coward · · Score: 3, Interesting

    The geniuses at Mozilla decided to hide the http: prefix from the user some time ago, so instead of http://www.cnn.com/ the user sees www.cnn.com

    The http: prefix indicates that THERE IS NO ENCRYPTION.

    Why hide it from the user and then add a non-standard indicator that there is no encryption?

    So many UI designers should be shot...