When Mozilla releases the next update to Firefox this October, it will make it much easier to spot sites that are more likely to be insecure.
Firefox 70 will follow in the footsteps of Chrome update number 68 from last year, by adding a permanent “not secure” indicator on all non-https websites. This marks a change from the current policy, which only shows the not secure indicator when a HTTP website includes forms or login fields.
Why is this important?
The Firefox team that announced the planned move cited the fact that 80% of all internet pages are now served via HTTPS. This means that rather than HTTPS websites receiving a positive note, it makes much more sense for non-HTTPS sites to be negatively flagged for their added security risk.
Talking to ZD Net, Firefox developer Johan Hoffmann said, “In desktop Firefox 70, we intend to show an icon in the ‘identity block’ (the left hand side of the URL bar which is used to display security / privacy information) that marks all sites served over HTTP (as well as FTP and certificate errors) as insecure.” This move will bring Firefox in-line with Google Chrome that made the same change a year ago.
It isn’t like Mozilla is simply copying Google with this, however, as the privacy valuing foundation has been working on the feature since 2017.