Mozilla, the makers of the Firefox browser announced on April 30th that they will be phasing out non-secure HTTP.
This is an effort to make the web a more secure place in the light of things like Edward Snowden revealing the massive dragnet run by the NSA. It’s a great idea, but what does this mean for the average web user?
Mozilla has two key points;
- 1. Setting a date (currently not set afaik) where all new features will only be available to secure sites.
- 2. Phasing out access to browser features for sites that aren’t secure, with heavy focus on features that could allow sensitive user data to be insecure.
For the first, the example Mozilla gives us is ‘features that cannot be polyfilled’ so new exciting CSS/hardware techniques could be withheld. The Mozilla community is still voting and forming a list of which features should be withheld.
For the second point, they will actively remove features that would or could compromise security. They state ‘this will likely cause some sites to break’, so they will be monitoring the severity of broken sites in lieu of, weighting security vs. function. Things in this category could be geo-location or camera/microphone technologies.
The main thing developers and site owners need to take away from this, is look at getting an SSL certification. It’s only one browser, but it’s a big one. Don’t’ fret; SSL’s can be cheap or even free.
Personally, I don’t feel it’s the best solution, but it’s a start. Now that pretty much everyone is on the internet, we need to continuously improve it, and making it a safer place is a good start.