This is a welcome move from Mozilla, and an important step towards a fully-encrypted web that on the whole, makes us safer online than we are now. HTTPS protects user privacy by setting up encrypted and trusted tunnels between browsers and servers, underpinned by TLS machine identities. By introducing always-on HTTPS, Mozilla aims to ensure that all user connections will be encrypted in this way, ensuring that Firefox won’t make any unencrypted connections without the user’s permission. However, it’s important to realise that as browsers implement always-on HTTPS encryption, cybercriminals will default to using TLS machine identities as a fundamental part of their toolkits. Without them, cybercriminal’s sites will be flagged as unsecure and attackers will be locked out of targeting their victims. Despite this, HTTPS doesn’t necessarily guarantee online safety – it forces cybercriminals into arming themselves with TLS machine identities in order to preserve their capabilities. Always-on HTTPS is therefore a reminder of just how valuable TLS machine identities are in the wrong hands, and a reminder that organisations must ensure that their security tools are all able to inspect encrypted HTTPS tunnels as we move to a 100% TLS encrypted communications world. This creates a need for centralised intelligence and automation to ensure that all security tools – such as firewalls, intrusion detection and prevention, or analytics are fed and updated with all the relevant machine identities to ensure they can inspect all traffic that flows within HTTPS tunnels.  Read Less