The latest Firefox update is finally here, and comes packaged with a new feature that tries to make browsing a bit less scary.
“What might that be?” you’d be right to ask: an option to flip on what’s called “HTTPS-only mode.” In this state, Firefox will try to establish an HTTPS connection with every website, rather than a somewhat less secure HTTP connection. In the cases where websites don’t support HTTPS, Firefox will ask for your permission before connecting to that site.
“Security on the web matters,” The company explained in a blog post describing the new feature. “Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure that this information is kept secure.”
To beak things down a bit, the hypertext transfer protocol — or HTTP for short — is the standard protocol that web browsers, sites, and servers use to communicate. It’s a foundational piece of technology, but unfortunately the data that’s transferred through HTTP is unencrypted, which is bad news if bad actors (or, sometimes, security researchers) to intercept that data mid-transit. HTTPS meanwhile, adds a layer of encryption, which helps keep data safe if any baddies are snooping on those same packets of data as their zipping around between browsers and servers.
HTTPS isn’t perfect by any means, and cybersecurity analysts have pointed out that popular strains of malware are evolving to be undetectable even in this somewhat more secure environment. But migrating a given site from HTTP to HTTPS is an easy way to keep those site visitors safe from some pretty basic hacking manoeuvres, and is quickly becoming the default for browsing across the web. As of this month, just over two-thirds of the sites on the web use the more secure standard as their default.
The company added that there’s cases where a site that uses HTTPS might be housing an image or video that happens to use the HTTP standard — which means that these sites might look a bit funky or even malfunction in this new mode. In cases like that, Firefox users can disable their HTTPS-only connections by clicking on the lock icon in their address bar.
Firefox’s new HTTPS feature is disabled by default, but users can toggle it on via the privacy and security tab on the Firefox options page.
If your Firefox browser doesn’t update automatically, you can download the latest release and try the new feature for yourself here.