Electronic Frontier Foundation, earlier last week announced it will deprecate HTTPS Everywhere browser plugin in 2022.
The HTTPS Everywhere plugin was launched by EFF in 2010, the plugin automatically upgraded the HTTP connections to HTTPS. A stopgap measure as the world was still coming to terms with the idea of encrypting all web-browser traffic.
Initially, when the plugin was implemented, most of the Internet served in plaintext. It was vulnerable to both snooping and manipulation, which made it easy to place itself between a web-browsing user and the web servers they communicated with. Back then even banking websites were frequently offered unencrypted connections. 11 years since then the web-encryption landscape has changed dramatically.
There has been tremendous progress made ever since HTTPS Everywhere was launched. According to a State of Web report in 2016, just six years after its launch, the HTTP Archive recorded encrypted connections for fewer than one site in every four it crawled. The numbers skyrocketed in the next five years since then, as of July, the Archive crawls nine of every 10 sites via HTTPS. We can see a similar progression using data submitted by Chrome users in Google’s Transparency Report.
The increased organic HTTPS adoption is not the only reason EFF has decided to deprecate the plugin. Now users can automatically upgrade from HTTP to HTTPS natively in all four major consumer browsers such as Microsoft Edge, Apple Safari, Google Chrome, and Mozilla Firefox.
Though Safari is the only browser to force HTTPS traffic by default. While Firefox and Chrome browsers natively offer “HTTPS Only” mode, users are required to enable it, while Edge offers an experimental “Automatic HTTPS” as of Edge 92.
It would be good to go through EFF’s own announcement, if you wish to enable HTTPS Only / Automatic HTTPS natively in your browser of choice today. As it includes both step-by-step instructions and animated screenshots for each browser. Once you enable the browser’s native HTTPS upgrade functionality you can safely disable the soon-to-be-deprecated HTTPS Everywhere plugin.