Print this page
Published in News

Firefox is about to label non-HTTPS sites as insecure

by on21 December 2017


By default

Firefox browsers might soon indentify sites which do not run HTTPS as insecure.

The current Firefox Nightly Edition - version 59 - includes a secret configuration option that when activated will show a visible visual indicator that the current page is not secure. There is a hidden preference named "security.insecure_connection_icon.enabled" that when enabled will show the above strikethrough lock icon on all HTTP pages.

In its current form, this visual indicator is a red line striking through a classic lock that's typically used to signal the presence of encrypted HTTPS pages.

There is a move within Mozilla to label all non-secure sites as insecure rather than saying a site is secure.

To enable this feature, users must navigate to the about: config settings section, search for the preference, and double-click to enable it.

Quite why anyone would is beyond me. It would basically tell you that most sites run by ordinary people are insecure and imply that they are unsafe. The reality is that blog sites don’t need to run HTTPS, and the configuration is not that straightforward. It is not a good idea to show a permanent warning when users are on HTTP pages as this could make users blind to more serious warnings.

HTTPS adoption has been growing, According to Let’s Encrypt data, 67 percent of web pages loaded by Firefox in November 2017 used HTTPS, compared to only 45 percent at the end of last year.
.

 

Last modified on 21 December 2017
Rate this item
(0 votes)