The developers of the Electronic Frontier Foundation announced that they intend to stop developing the famous HTTPS Everywhere browser extension, since HTTPS widely used it, and in many popular browsers HTTPS-only modes have appeared.
By the way, we told you that Chrome will forcefully add HTTPS prefix to URLs.Let me remind you that the essence of HTTPS Everywhere, released in 2010, is simple: it forces a secure connection over HTTPS on all sites where possible.
Even if the user tries to access the unsecured version of the resource, the extension will still redirect it to the HTTPS version, if available. Over the years, the extension has gained a cult status among privacy advocates and has been integrated into the Tor Browser and then many other privacy-conscious browsers.
EFF CTO Alexis Hancock says the expansion will be in “maintenance” mode from the end of this year and into 2022.
At the same time, the final date of the “death” of HTTPS Everywhere, after which updates will cease to be released at all, has not yet been determined.
The developers made this decision due to the fact that currently about 86.6% of all sites on the Internet already support HTTPS connections. Browser manufacturers including Chrome and Mozilla previously reported that HTTPS traffic accounts for 90% to 95% of all connections.
Moreover, in 2020, a number of major browser manufacturers added HTTPS-only modes to their products, in which the browser tries to switch from HTTP to HTTPS on its own or displays an error message if the connection via HTTPS is not possible. Basically, the HTTPS-only modes now available in Mozilla Firefox, Google Chrome, Microsoft Edge and Apple Safari, and this is the same thing that HTTPS Everywhere has been doing for over a decade.
In a report published in March 2021, Mozilla developers reported that only 3.5% of the time Firefox had to switch from HTTP to HTTPS, and 92.8% of web pages were loaded immediately using HTTPS connections.
Let me also remind you that we wrote that Raccoon attack on TLS can be used to decrypt HTTPS traffic.