Popular privacy-centric web browser Brave finally switches to HTTPS by default, coming in version 1.5 release.
In the ever-evolving world of online privacy and security, the Brave browser has taken a giant step forward in improving both for its users. In the upcoming Brave browser version 1.50, the company plans to upgrade websites from HTTP to HTTPS, ensuring improved user privacy and security.
What is HTTPS by Default, and How Does it Work?
Brave’s HTTPS by Default system is a new approach to upgrading HTTP sites to HTTPS, except for a small list of incompatible sites. The system automatically detects HTTP sites and checks if they are on the list of incompatible sites. Brave will attempt to upgrade the connection to HTTPS for improved security and privacy if the site is not on the list. Brave will fall back to using HTTP for the connection if the upgrade is unsuccessful.
Why Did Brave Switch from its Previous Approach?
Previous versions of Brave Browser relied on an HTTPS upgrade list provided by HTTPS Everywhere. The approach worked, but it became apparent that it had two significant drawbacks over time.
Firstly, the EFF, the maintainer of the HTTPS Everywhere list, decided to end maintenance for it, meaning that the list was not updated anymore. Secondly, the list-based approach excluded any site that still used HTTP that was not on the list.
Brave switched its approach to HTTPS by Default, still using a list, but now only for incompatible sites. These sites have issues when upgraded to HTTPS, and Brave attempts to upgrade all sites not on that list to HTTPS if they still use HTTP. The list of incompatible sites is maintained by Brave on GitHub and includes several government and educational sites, but it is relatively short, with only 112 entries.
Brave engineers faced several roadblocks during the development of HTTPS by Default. Most sites that support HTTP and HTTPS use the same domain, but some don’t. Some sites use subdomains for secure sites, while others may use completely different domain names. Brave’s fallback to HTTP ensures that all these sites will load, making the user experience seamless.
Brave’s new HTTPS by default system is a significant step forward in improving online privacy and security for users. With the ability to upgrade all HTTP sites to HTTPS, excluding a small list of incompatible sites, Brave ensures that users have a secure and private browsing experience.
You can configure the feature in the Shields settings in Brave 1.50 by loading it directly in the address bar,
brave://settings/shields, or by selecting
Menu > Settings > Shields.
You can download Brave browser using the below page. The 1.5 version is planned within a few weeks.