A new version of Firefox is here, it is with an interesting novelty for our privacy, opportunistic encryption.
Firefox 37 The process by which Mozilla stops depending on Google continues, with Yandex as the default search engine in more areas such as Turkey, and the implementation of secure searches in Bing by HTTPS.
And speaking of secure connections, the biggest news in Firefox 37 is so-called opportunistic encryption, as long as the web server supports HTTTP / 2 AltSvc. This allows us to add protection to our connections, but how does it work and what difference does it make compared to HTTPS?
How opportunistic encryption works
With HTTPS the important thing is not only to encrypt the connection, but also authenticate itThat is, make sure that the service you connect to is who it claims to be. However, this is not always possible and there are many web pages that offer one security measure and not the other, with its problems. To say nothing of the pages that still manage private data of users without encryption.
In this case now Firefox can encrypt our connection without using HTTPS thanks to opportunistic encryption. It must be made clear that this type of encryption does not protect us as well as HTTPS, since for example it is vulnerable to man-in-the-middle attacks in which the attacker captures the communication between the client and the server.
However, opportunistic encryption is useful in surveillance cases where all traffic is captured in a specific area or to a connection; for example, cases in which they are implanted filters to detect certain words or terms.
Definitely, this is not a substitute for HTTPS, and we should always use and implement this to get secure connections, but opportunistic encryption can be useful if we can’t.
Download Firefox 37