https
Latest
Firefox 100 includes subtitle support for picture-in-picture video
The Android app also gains an HTTPS-only mode.
Firefox Focus on Android now includes an HTTPS-only mode
Firefox 98 introduces a handful of small but handy features to the mobile version of Mozilla’s browser.
Chrome 94 will make sure you're connected to sites with HTTPS
With Chrome 94, Google will introduce a feature called HTTPS-First Mode that will attempt to upgrade all your connections to HTTPS.
Google rolls out Chrome 90, which defaults to HTTPS instead of HTTP
Starting with Chrome 90, Google will automatically try to create an encrypted connection with any websites you visit.
Brave browser now supports peer-to-peer IPFS protocol
In a move it says will help make the internet more transparent and resilient, privacy-focused browser Brave now offers fully integrated and native IPFS browsing.
Firefox 83 will automatically switch you to secure HTTPS sites
Mozilla has launched a new security feature with Firefox 83 that can make sure you’re always establishing secure connections to every website that you visit. Further, Firefox will ask for your permission to load websites that aren’t encrypted via HTTPS in any way. The browser will Firefox will display an error message that explains the security risks of connecting to a non-HTTPS website before you can click through to load it.
Chrome will soon let you know if a web form is unsecure
It'll turn off autofill on forms that are submitted insecurely.
Chrome's new release schedule will skip version 82 entirely
Last week Google announced it will pause Chrome and Chrome OS releases to deal with its adjusted work schedules as a result of the coronavirus pandemic. At the time, the company said that it would work to ensure current releases are as stable as possible, and that for now, it will not promote Chrome 81 from beta to stable. As Chrome Unboxed points out, a post a few days ago explains that the new plan is to skip a milestone release entirely. Director of Technical Program Management Jason Kersey writes in a post the beta channel will remain on version 81 until 83 is ready to promote from the development channel, while 82 will skip its cycle through the process entirely. That could mean an earlier release date than planned for version 83, but no decision has been made there yet. Chrome 81 is supposed to bring new mixed reality features and a trial of NFC tie-ins to the browser, and HTTPS changes that will remove older protocols and block some content if it tries to load via HTTP on a secure site. About Chromebooks notes Chrome OS features anticipated for version 81 that include easier sideloading of Android Studio apps and an improved Bluetooth pairing setup, but all of that will have to wait, and for good reason.
Firefox now encrypts domain name requests by default in the US
After a brief delay, Mozilla has started to make DNS over HTTPS the default for Firefox users in the US. Notwithstanding any additional hiccups, the company says it hopes to finish the rollout sometime over the next couple of weeks. The protocol is supposed to protect one of the most fundamental aspects of browsing the internet: translating URLs into IP addresses. Without DNS over HTTPS, bad actors can see what websites you've visited -- even if they don't know what you did on those sites thanks to HTTPS. The protocol protects your privacy by effectively disguising DNS queries as regular HTTPS traffic.
Chrome will start protecting users from insecure downloads in April
Google Chrome will soon deliver on last year's promise to better protect users from insecure content -- downloads not encrypted via HTTPS -- on otherwise secure pages. Chrome 82, which will be released in April, will be the first version of Google's browser to warn users before allowing them to download certain insecure file types. In future releases, they'll be blocked outright.
Chrome will block HTTP content from loading on secure sites
In a move to improve user privacy and security, Google is simplifying its browser security settings. In a blog post, the Chrome security team said https:// pages will only be able to load secure (https://) subresources. The change won't happen overnight, but in a series of gradual steps.
Firefox will encrypt web domain name requests by default
Mozilla's Firefox privacy protections will soon include one of the most basic tasks for any web browser: fielding the domain name requests that help you visit websites. The developer will make DNS over encrypted HTTPS the default for the US starting in late September, locking down more of your web browsing without requiring an explicit toggle like before. Your online habits should be that much more private and secure, with fewer chances for DNS hijacking and activity monitoring.
Chrome's 'Lite Pages' now work with secure sites
Loading websites over a slow connection can be frustrating and expensive. That's why Google offers Data Saver, a feature that lets Chrome reduce data use by up to 90 percent and load pages two times faster. Previously, this Lite feature was only available for HTTP pages. Now, on Android, Chrome is extending the function to HTTPS pages as well, meaning you'll be able to browse faster and securely, even if your network connection sucks.
Half of phishing sites trick you into thinking they're 'secure'
You can't assume that a site is honest because it has that "secure" padlock in the address bar, and PhishLabs just illustrated why. The anti-phishing company has determined that 49 percent of all known phishing sites used Secure Sockets Layer protection (and thus displayed the padlock) as of the third quarter of 2018. That's a sharp rise from 35 percent in the second quarter, and a steep climb from 25 percent a year earlier. They'll still try to trick you into handing over vital details -- it's just that their web traffic will be encrypted while they do it.
Chrome's upcoming security change will break hundreds of sites
Google will strengthen Chrome's security with its next release, but that might have some unintended consequences for the sites you use. Security researcher Scott Helme has found that hundreds of the top 1 million sites are using old Symantec HTTPS certificates (pre-June 2016) that won't be trusted when Chrome 70 arrives as soon as October 16th. Some of these are vital sites, too, including multiple Indian government sites, the government of Tel Aviv and Penn State Federal Credit Union.
Chrome now alerts you to unsecured HTTP sites
Chrome has already taken numerous measures to inform users if they're on an unencrypted HTTP website, but starting today it's going one step further, with version 68 of the browser displaying a warning whenever you visit an insecure site. Instead of a green padlock and the word "secure" in the address bar, as you'll see on a HTTPS site, you'll see the words "not secure." Click on it and you'll get a warning advising against entering any sensitive information on the site, as it could be stolen by hackers.
Chrome is killing its 'Secure' URL label in September
The Chrome browser's upcoming versions will focus on highlighting its negative security indicators, even going as far as sunsetting its positive ones. Chrome Security Product Manager Emily Schechter has announced that Chrome 69, which will be available in September, will stop marking HTTPS sites as "Secure" on the address bar. Why? Well, because Google wants the default state to be secure. The tech giant already revealed earlier this year that all HTTP-only sites will be marked "Not Secure" in July. It looks like the Chrome team will also take things a step further by October: starting that month, the usually gray "Not Secure" warning will flash red as soon as you start typing in data on HTTP pages.
Upcoming Chrome update will label HTTP sites ‘not secure’
Chrome has been taking measures to inform users when they're on an unencrypted HTTP website, adding notifications to more and more sites over the last couple of years. Today, Google announced it will be taking that one step further, labeling all HTTP sites as "not secure" starting with the release of Chrome 68. You can see what that will look like in the image below.
Tinder flaws could expose your swipes to prying eyes
Today, the security firm Checkmarx released troubling information about two vulnerabilities within Tinder, the popular dating app. The issues are present in both the iOS and Android app and allow a user on the same network to monitor what a person is doing on Tinder. Additionally, an attacker could control the pictures a user sees on Tinder; it's possible to swap them out for malicious content.
Android is getting a feature that encrypts website name requests
Google's efforts to push websites to use encrypted connections is paying off. Just days ago, the search giant revealed that HTTPS use on its own products is at 89 percent overall, up from just 50 percent at the beginning of 2014. (Not sure what we're blabbering on about? Just peep the green lock icon and the word "secure" in the address bar). Now, Google is adding an extra layer of security to Android. XDA Developers has spotted that DNS over TLS (Transport Layer Security) support is heading to the mobile OS, according to the Android Open Source Project -- meaning DNS queries will be encrypted to the same level as HTTPS.
