Odds for safety certainly improve where all connected-to sites must be encrypted, but will all sites have at least 256 AES…a number of prominent security sites have said up to 74% of sites vulnerable to the RC4-based “Heartbleed” attack are still so vulnerable. Then, how well do highly connection-secure sites police downloadable content…Google Store extension debacles come to mind.

Until all sites have the kind of security one can find in a good VPN, it’s no sure thing you’ll be absolutely safe via global encryption. Again, encryption is a good base to expand security, but to cold-turkey shut out non-https sites for Mozilla acting alone makes them a browser already lower in popularity which sites can ignore; citing in your article what sort of time/cash scale projects require, for now, for Google to promote better-financed https sites over others seems somehow a contribution to the erosion of net neutrality….especially hwen “better” sites remain vulnerable to the most publicized of simple attacks.

Thanks for a great article, and have a great weekend!