Christoph Kerschbaumer (Mozilla Corporation), Frederik Braun (Mozilla Corporation), Simon Friedberger (Mozilla Corporation), Malte Jürgens (Mozilla Corporation)

The web was originally developed in an attempt to allow scientists from around the world to share information efficiently. As the web evolved, the threat model for the web evolved as well. While it was probably acceptable for research to be freely shared with the world, current use cases like online shopping, media consumption or private messaging require stronger security safeguards which ensure that network attackers are not able to view, steal, or even tamper with the transmitted data. Unfortunately the Hypertext Transfer Protocol (http) does not provide any of these required security guarantees.

The Hypertext Transfer Protocol Secure (https) on the other hand allows carrying http over the Transport Layer Security (TLS) protocol and in turn fixes these security shortcomings of http by creating a secure and encrypted connection between the browser and the website. While the majority of websites support https nowadays, https remains an opt-in mechanism that not everyone perceives as necessary or affordable.

In this paper we evaluate the state of https adoption on the web. We survey different mechanisms which allow upgrading connections from http to https, and provide real world browsing data from over 140 million Firefox release users. We provide numbers showcasing https adoption in different geographical regions as well as on different operating systems and highlight the effectiveness of the different upgrading mechanisms. In the end, we can use this analysis to make actionable suggestions to further improve https adoption on the web.

View More Papers

Towards Better CFG Layouts

Jack Royer (CentraleSupélec), Frédéric TRONEL (CentraleSupélec, Inria, CNRS, University of Rennes), Yaëlle Vinçont (Univ Rennes, Inria, CNRS, IRISA)

Read More

LLM-xApp: A Large Language Model Empowered Radio Resource Management...

Xingqi Wu (University of Michigan-Dearborn), Junaid Farooq (University of Michigan-Dearborn), Yuhui Wang (University of Michigan-Dearborn), Juntao Chen (Fordham University)

Read More

Secure Transformer Inference Made Non-interactive

Jiawen Zhang (Zhejiang University), Xinpeng Yang (Zhejiang University), Lipeng He (University of Waterloo), Kejia Chen (Zhejiang University), Wen-jie Lu (Zhejiang University), Yinghao Wang (Zhejiang University), Xiaoyang Hou (Zhejiang University), Jian Liu (Zhejiang University), Kui Ren (Zhejiang University), Xiaohu Yang (Zhejiang University)

Read More

An Empirical Study on Fingerprint API Misuse with Lifecycle...

Xin Zhang (Fudan University), Xiaohan Zhang (Fudan University), Zhichen Liu (Fudan University), Bo Zhao (Fudan University), Zhemin Yang (Fudan University), Min Yang (Fudan University)

Read More