Mozilla is phasing out HTTP in favor of HTTPS: http://news.softpedia.com/news/Mozilla-Is-Phasing-Out-HTTP-Support-a-Legacy-Mode-Will-Be-Available-479895.shtmland
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/and
https://letsencrypt.org/Websites will be have "new features" disabled to pressure them into using TLS.
This all became possible because IE will soon join "Clippy" in the M$' Afterlife,
well at least that is what they plan for the future.
Also Google Chrome is planning to support the transition of HTTP through HTTPS.
Also to better thward off ad-blocking, conflicting with their main income scheme.
My personal question is why change unsecurity through another form of unsecurity driven by obscurity and encryption.
Malvertising detection will get harder. Loads and loads of website owners will continue to provide mixed and unsecure content and continue their unsecure misconfiguration of server and CMS (and plug-ins and themes) and endanger users further through outdated software and vulnerabilities.
First see to it that the protocol is configured securely, educate those that are responsible for a website's security and then think of a transition from http to https.
I have scanned many a so-called HTTPS Everywhere adopted website and what I found there did not make me particularly happy.
Scan for yourselves here:
http://cyh.herokuapp.com/cyh (online https and http security header scanner)
Also see loads and loads of sites where the log-in info go in plain txt over the wires.
Browser developers in the first place should work on the client side,
not decide what should be on the server side, allthough they have a right to alert,
when and where something is going wrong.
Here a little background info and where the quote was taken from:
http://cryto.net/~joepie91/blog/2015/05/01/on-mozillas-forced-ssl/link article author = Joepie91.
And here a word from some-one that promotes the transition:
http://moz.com/blog/seo-tips-https-ssllink article author = Cyrus Shepard
polonus
