Christoph Kerschbaumer (Mozilla Corporation), Frederik Braun (Mozilla Corporation), Simon Friedberger (Mozilla Corporation), Malte Jürgens (Mozilla Corporation)

The web was originally developed in an attempt to allow scientists from around the world to share information efficiently. As the web evolved, the threat model for the web evolved as well. While it was probably acceptable for research to be freely shared with the world, current use cases like online shopping, media consumption or private messaging require stronger security safeguards which ensure that network attackers are not able to view, steal, or even tamper with the transmitted data. Unfortunately the Hypertext Transfer Protocol (http) does not provide any of these required security guarantees.

The Hypertext Transfer Protocol Secure (https) on the other hand allows carrying http over the Transport Layer Security (TLS) protocol and in turn fixes these security shortcomings of http by creating a secure and encrypted connection between the browser and the website. While the majority of websites support https nowadays, https remains an opt-in mechanism that not everyone perceives as necessary or affordable.

In this paper we evaluate the state of https adoption on the web. We survey different mechanisms which allow upgrading connections from http to https, and provide real world browsing data from over 140 million Firefox release users. We provide numbers showcasing https adoption in different geographical regions as well as on different operating systems and highlight the effectiveness of the different upgrading mechanisms. In the end, we can use this analysis to make actionable suggestions to further improve https adoption on the web.

View More Papers

Characterizing the Adoption of Security.txt Files and their Applications...

William Findlay (Carleton University) and AbdelRahman Abdou (Carleton University)

Read More

Modeling End-User Affective Discomfort With Mobile App Permissions Across...

Yuxi Wu (Georgia Institute of Technology and Northeastern University), Jacob Logas (Georgia Institute of Technology), Devansh Ponda (Georgia Institute of Technology), Julia Haines (Google), Jiaming Li (Google), Jeffrey Nichols (Apple), W. Keith Edwards (Georgia Institute of Technology), Sauvik Das (Carnegie Mellon University)

Read More

MALintent: Coverage Guided Intent Fuzzing Framework for Android

Ammar Askar (Georgia Institute of Technology), Fabian Fleischer (Georgia Institute of Technology), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara), Taesoo Kim (Georgia Institute of Technology)

Read More