Christoph Kerschbaumer (Mozilla Corporation), Frederik Braun (Mozilla Corporation), Simon Friedberger (Mozilla Corporation), Malte Jürgens (Mozilla Corporation)

The web was originally developed in an attempt to allow scientists from around the world to share information efficiently. As the web evolved, the threat model for the web evolved as well. While it was probably acceptable for research to be freely shared with the world, current use cases like online shopping, media consumption or private messaging require stronger security safeguards which ensure that network attackers are not able to view, steal, or even tamper with the transmitted data. Unfortunately the Hypertext Transfer Protocol (http) does not provide any of these required security guarantees.

The Hypertext Transfer Protocol Secure (https) on the other hand allows carrying http over the Transport Layer Security (TLS) protocol and in turn fixes these security shortcomings of http by creating a secure and encrypted connection between the browser and the website. While the majority of websites support https nowadays, https remains an opt-in mechanism that not everyone perceives as necessary or affordable.

In this paper we evaluate the state of https adoption on the web. We survey different mechanisms which allow upgrading connections from http to https, and provide real world browsing data from over 140 million Firefox release users. We provide numbers showcasing https adoption in different geographical regions as well as on different operating systems and highlight the effectiveness of the different upgrading mechanisms. In the end, we can use this analysis to make actionable suggestions to further improve https adoption on the web.

View More Papers

Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment...

Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology)

Read More

CLIBE: Detecting Dynamic Backdoors in Transformer-based NLP Models

Rui Zeng (Zhejiang University), Xi Chen (Zhejiang University), Yuwen Pu (Zhejiang University), Xuhong Zhang (Zhejiang University), Tianyu Du (Zhejiang University), Shouling Ji (Zhejiang University)

Read More

On the Realism of LiDAR Spoofing Attacks against Autonomous...

Takami Sato (University of California, Irvine), Ryo Suzuki (Keio University), Yuki Hayakawa (Keio University), Kazuma Ikeda (Keio University), Ozora Sako (Keio University), Rokuto Nagata (Keio University), Ryo Yoshida (Keio University), Qi Alfred Chen (University of California, Irvine), Kentaro Yoshioka (Keio University)

Read More

Beyond Classification: Inferring Function Names in Stripped Binaries via...

Linxi Jiang (The Ohio State University), Xin Jin (The Ohio State University), Zhiqiang Lin (The Ohio State University)

Read More