Mozilla is rolling out a new security feature in Firefox 83 that should make browsing the web slightly safer.
Firefox’s new ‘HTTPS-Only Mode’ in the version 83 update will help users stay in the more secure HTTPS protocol rather than the less secure HTTP variant. The main benefit of HTTPS is that it encrypts communication between a computer and the website, preventing ‘man-in-the-middle attacks and also blocking malicious actors from eavesdropping on or tampering with communications.
Although many sites do use HTTPS, there are still some that use HTTP. Further, websites often fall back to HTTP, and the web is still full of legacy HTTP links that can bring users to insecure versions of websites.
HTTPS-Only Mode in Firefox attempts to establish secure HTTPS connections to every website — if a site doesn’t work, Firefox displays a warning page and users can choose whether to connect to the HTTP site or avoid it. This also works when users click on HTTP links — Firefox will try to upgrade the connection to HTTPS and if the upgrade fails, will warn users before they connect to an insecure website.
HTTPS-Only Mode or HTTPS Everywhere extension?
It’s worth noting that HTTPS-Only Mode offers similar functionality to a popular browser extension called ‘HTTPS Everywhere.’ There are a few core differences between the two, however. Mainly, Firefox’s HTTPS-Only Mode always attempts to upgrade HTTP connections to HTTPS while the HTTPS Everywhere add-on uses a rules list of sites that can be upgraded to HTTPS to function. The upside HTTPS Everywhere’s approach is that it won’t waste resources trying to establish a connection to an HTTP website that doesn’t offer an HTTPS alternative, while HTTPS-Only Mode while attempt the connection and then notify the user if it didn’t work. On the flip side, HTTPS-Only Mode will upgrade sites HTTPS Everywhere may miss if they aren’t included in the add-ons rules list.
Ultimately, if you’re using Firefox, HTTPS-Only Mode may be the better solution since it’s built into the browser, but there are instances where HTTPS Everywhere is worth using instead. And for those who aren’t on Firefox and want a similar feature, HTTPS Everywhere offers ‘Encrypt All Sites Eligible’ (EASE) mode, which works very similarly to HTTPS-Only Mode in Firefox.
How to enable HTTPS-Only Mode
To turn on HTTPS-Only Mode in Firefox, make sure you’re running version 83 or newer (click the menu button in the top-right corner > Help > About Firefox). Once your browser is up to date, click the menu button > Options (or Preferences) > Privacy & Security > HTTPS-Only Mode > select whether you want it enabled in all windows, private windows only or choose not to enable HTTPS-Only Mode.
Source: Mozilla