Firefox for Android now has a toggle for HTTPS-Only mode
Mozilla has released Firefox 100.1.1 out of beta. It adds a new setting that allows users to enable HTTPS-Only mode.
The option was first introduced in Firefox Nightly a few weeks ago, and surprisingly has been brought to the stable version quite quickly. I say that it is surprising because Mozilla usually takes a while to move features from Nightly to the Beta and Stable Channels. e.g. The Pull to refresh gesture for reloading a page, was added in Firefox Nightly in October 2021, still hasn't made its way in to the public release.
HTTPS-Only mode is not enabled by default in Firefox for Android, but you can toggle the option in just a couple of taps.
How to enable HTTP-Only mode in Firefox for Android
1. Open the Firefox app's Settings menu.
2. Scroll down the page to reach the Privacy and Security section.
3. Tap on the option that is labeled "HTTPS-Only mode".
4. The browser will switch to another page, where you can toggle the setting. You may set it as the default option for all tabs, or only the tabs that you open in HTTPS mode.
That's it, now whenever you type a URL partially without the HTTPS prefix, or tap on a link that normally takes you to the HTTP version of a website, Firefox will force the page to load the HTTPS version of the site. This will help protect users from being spied on by third-parties, and land on genuine sites with SSL certificates instead of a fake banking site or something.
What about websites that don't support HTTPS?
Some sites still use the HTTP (Hypertext transfer protocol), even though it has been proven to be insecure, and vulnerable to hackers. But, blocking access to such portals would result in backlash from users. You may not believe it, but many Governments, Schools, and Offices around the world still have HTTP websites, which is probably why Firefox for Android will not prevent the page from loading. It might even be misunderstood as censorship.
When you run into a website that doesn't support HTTPS, the browser will display a warning message that reads "Secure Site Not Available". It shows 2 options, the first one is Go Back (Recommended), choosing which will make the browser jump to the previous page you were on. If you don't mind that the site is not secure, you can ignore the warning, and tap on the "Continue to HTTPS Site", to load the page using an unencrypted connection to the server.
The introduction of native support for HTTPS-Only mode essentially nullifies the HTTPS Everywhere extension, so if you're using the add-on, you may want to uninstall it.
Note: Firefox on the Google Play Store is still on version 99.2.0, it should be updated soon. But, if you don't want to wait, and if you're comfortable with side-loading apps from other sources, you may download the Firefox 100.1.1 APK from Mozilla's GitHub repository. I installed it over the Play Store version on my phone.
If Mozilla added full support for extensions in Firefox (stable), I'd probably use it instead of the Nightly builds.
What feature would you like to see in Firefox for Android?
Firefox for Android is a must have choice to browse with speed and privacy. Thanks for the article! :]
No Nightly needed, no telemetry needed.
Mull browser on Fdroid – Fennec with Arkenfox. Extensions work.
It‘s also special in that it ships with hardcoded trackers and has zero about:config access on the stable channel. Browser of the people.
Android apps, what would do you expect? Anyway I prefer Firefox to Chrome in Android. :[
All removed in Fennec, but you can keep trying.
No extensions in Brave browser, just saying. Hardcoded trackers in Firefox – it has an option in main settings to disable telemetry. Has no crytpo s*** either.
Plus solution to no about:config and more add-ons, no telemetry – Fennec or Iceraven for DRM support.
Did I somehow miss the part where Firefox got renamed into “Fennec” or “Iceraven”? I am talking about the official Firefox package with the official branding that you can download from the Google Play Store, and this does ship with hardcoded trackers and without about:config.
Your argument is the same as when someone says Brave or Ungoogled Chromium excuse the data collection practices of Chrome, for example. Bu they don’t. Brave and Ungoogled Chromium are different products despite the fact that they are based on the same engine. The problem here is: Everyone knows that Chrome is bad for privacy and thus hardly anyone here recommends it, me included, I always argue against it. But Firefox gets recommended here all the time despite the glaring issues, and when there is criticism, like in my comment above, it is being excused with the existence third party builds. If anything, recommend these third party builds then, not the official Firefox build you seem so eager to defend for whatever unknown reason I don’t really care about.
> No extensions in Brave browser, just saying.
There’s hardly any extensions on Firefox mobile either. Most probably Kiwi has the broadest extension support on mobile, ironically a Chromium-based browsers. Mozilla removed full extension support post-Firefox 68 and @Steve is completely right to criticize this in his comment below.
Most people just want to run an adblocker, too. Brave already has an adblocker included, and needs no extension like Firefox which curiously doesn’t ship with an adblocker (probably due to the Google financing, just my opinion).
> Has no crytpo s*** either.
You think this is a smart argument, but it isn’t. Firefox does advertising by default, e.g. in the address bar and the New Tab Page:
Of course, contrary to Brave, in Firefox’s case it is opt-out instead of opt-in. And you don’t get paid for it. So Firefox does the same thing without asking you and without paying you… Very smart of you indeed to criticize getting paid while you experience the same thing for free. :…….D
1) Never seen any ads in my country in FF.
1) && 2) Not applicable in Fennec
3) see above
Quot erat demonstandum. But whilst you are still at it: You should really keep these long blocks in your clipboard. Saves you time to repeat the same fallacies.
> Never seen any ads IN MY COUNTRY in FF.
Into the trash, your statement goes.
> Not applicable in Fennec
When did Firefox get renamed into Fennec again? Dude, you are defending bad decisions of Mozilla with the existence of unrelated third party builds and then try to call me out for fallacies. Laughable.
Btw, the dev of Fennec has the following to say about Mozilla and his build:
“Fennec F-Droid is based on the latest Firefox release (codenamed Fenix).
It has proprietary bits and telemetry removed, but still connects to
various Mozilla and Google services that can track users.”
Blah blah blah blah blah blah blah, blah blah. I also referred to official Brave browser available on Google Play Store. Plus Firefox has fixed set of images to choose while Brave has sponsored images which are not fixed, not that it matters anyway. Again blah blah blah.
These hardcoded trackers shouldn’t be there in the first place. Extension support is the only good thing Firefox offers, Brave already has an adblocker anyway
If you click on the What’s next? link you posted, will see the following.
“If you want a browser experience that is more respectful of your privacy, you can use alternative browsers such as Mozilla Firefox or the DuckDuckGo Privacy Browser.”
There is no mention of Brave.
Firefox and the DuckDuckGo Privacy Browser? Seriously? Here is your desperately needed reality pill:
You mean THAT Firefox and THAT DuckDuckGo Privacy Browser? The link above should show you already how laughable this is. Brave and Bromite are the correct recommendations, and not recommending them shows the author of tyour trash is clueless.
There was also this funny incident:
@ iron heart. Don’t get mad at me. Anonymous posted the link. I just took a quote from it.
@Iron Heart – Not meaning to be rude but why do you care so much about what browsers people use. Everyone has their own choice to use what software they want and not be threatened by people like you. JUST STOP ATTACKING PEOPLE!!! GET OFF THIS SITE IF YOU HAVE NOTHING TO DO IN LIFE OR ARE SO BRAIN DEAD!!!
Brave doesn’t need any telemetry of its own because it directly uses the telemetry chrome does. And expects other “main browsers” to not do telemetry when the browsers need it and they don’t.
I’ve been wanting this feature to be natively built in to Android Firefox stable for a while. Great to know it will arrive soon.
“…What feature would you like to see in Firefox for Android?”
A native privacy-orientated translate feature like Vivaldi use would be good.
Oh, another feature I would like to see in Firefox for Android: The ability to re-arrange the order of saved bookmarks. It’s pretty unbelievable that it is not possible to re-arrange them.
Important issue: when will these Mozilla * [Editor: removed, please stay polite] fully embrace the add-ons on Android?
We’re at version 100 and we started waiting for that since 68.11.0. That’s quite some time.
No, the nightly solution is not on the discussion table.
They seem to have abandoned certain features. People work on them and then lose internet.
There are some ancient, breaking bugs too, like font sizing on certain devices is broken. It’s a mess, Mozilla needs to get some people working on the basics for a while.
Back when HTTPS Only was introduced in desktop, I ran into a variety of annoying issues with it. I solved most of them by toggling dom.security.https_first in About:config. I’d like to see a toggle for that in mobile as well.
How to enable HTTPS-Only mode in Firefox for Android*