Google kicked off the migration away from HTTP to HTTPS for most webmasters; and Mozilla aims to put the finishing fork into HTTP by announcing a new program which will essentially force webmasters onto HTTPS or else risk loosing various browser features.
Removing features from the non-secure web will likely cause some sites to break. So we will have to monitor the degree of breakage and balance it with the security benefit. We’re also already considering softer limitations that can be placed on features when used by non-secure sites. For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website. There have also been some proposals to limit the scope of non-secure cookies.
No specific date has been announced for this yet, however the change is coming, and it makes sense. As I said in my Stop Hating On Google vlog – alot of these changes are being done for our own good. HTTPS is more secure after-all and thus it’s a better option for websites and website visitors. However – this does pose some extra work for the average webmaster. For example someone building their first website may be daunted by the task of setting up an SSL certificate; or the extra cost associated with it. Sure they can use CloudFlare for free; and get free SSL support – but now we’re also expecting a first-time webmaster to know about CloudFlare.
We’ll have to see how this ultimately plays out. What do you think? Is Mozilla going a bit too far here by removing functionality?