Mozilla strong-arming websites to drop HTTP
Mozilla plans to phase out HTTP support in Firefox, in a push to make browsing more secure. The organization wants websites to go all-in with HTTPS, revealing that it will leverage access to some of its browser's features and make proposals to The World Wide Web Consortium to get the ball rolling.
Mozilla's move may be seen as a way to strong-arm lots of website administrators into supporting HTTPS, as, after all, Firefox is the third most-popular browser today, with a desktop usage share of 11.7 percent. The protocol requires the purchase of a certificate, increasing website running costs, which can become a problem for smaller businesses.
Mozilla has not determined when it will set its plan in motion, saying that it is up to the "community" to agree upon a date and which "new" features should be unsupported when navigating HTTP websites. Basically, at this stage, Mozilla's plan is more of a concept.
Mozilla is aware that, if it goes along with this, Firefox users may not have the best experience when visiting certain sites, saying that dropping "features from the non-secure web will likely cause some sites to break". I wonder how many users will understand the point of it, and not switch to a browser that simply works.
"It should be noted that this plan still allows for usage of the 'http' URI scheme in legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the 'http' scheme can be automatically translated to 'https' by the browser, and thus run securely", notes Mozilla.
To some degree, phasing out HTTP makes sense, as HTTPS is more secure and, therefore, a fundamentally better option for websites and visitors alike. However, in this day and age, users expect their browser to allow them to visit all the websites they want to visit, unless it leads them to malware.
Warning them that the website they are visiting might be insecure sounds like a much better plan. Users will be more careful about which websites they frequent, and administrators will not want their sites to be seen as possibly endangering users. This way, users will at least not be frustrated by Firefox.