Mozilla wants to make the Internet a much more secure place and says it's doing its part in a step to eliminate non-secure HTTP with HTTPS.
The move embraces the universal use of encryption, which is being advocated by federal IT security folks and Internet organizations that hope to make the Internet a much safer place to share, shop and communicate.
"There's pretty broad agreement that HTTPS is the way forward for the web," wrote Mozilla's Firefox security leader Richard Barnes. "Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web."
Mozilla's two-pronged strategy is bound to wake up Internet users fast. It's debuting new features only within secure websites and it's going to phase out access to browser features on non-secure websites, especially features "that pose risks to users' security and privacy."
It's like Mozilla playing the neighborhood foot patrolman advocating security measures that may cause some pain and initial aches at the start but prove worthwhile in the long stretch.
"Removing features from the non-secure web will likely cause some sites to break," acknowledged Barnes, noting Mozilla will be tracking and monitoring impact. "So we will have to monitor the degree of breakage and balance it with the security benefit."
The big goal is to make the web developer community realize security is a top priority and unity, as well as collaboration, will become the norm.
"Let's get the web secured," enthused Barnes.
What this means for the average Internet user that taps Firefox for browsing the web is that Mozilla will not be allowing non-secure websites and links from coming within reach. Websites that depend on traffic and user interaction from those using Firefox will need to get HTTPS in place.
There is still work to be done regarding specific features to be blocked, and Mozilla says the decisions will be made as a community.
Mozilla most recently introduced "opportunistic encryption" to Firefox, which provides encryption for long-term content that would otherwise have been unencrypted.
"For example, one definition of 'new' could be 'features that cannot be polyfilled,'" Barnes wrote. "That would allow things like CSS and other rendering features to still be used by insecure websites, since the page can draw effects on its own. But it would still restrict qualitatively new features, such as access to new hardware capabilities."