Firefox follows in Chrome's footsteps and will mark all HTTP pages as 'not secure' Mozilla will mark all HTTP pages as "not secure" starting with Firefox 70, to be released in October July 16, 2019 https://www.zdnet.com/article/firef...s-and-will-mark-all-http-pages-as-not-secure/
I'm still not a fan. Not all sites need to be secure. Now we have driven the malicious sites to use SSL which can no longer be scanned unless you have an AV that does a MITM by inserting their own certificate. Let's Encrypt is free for everyone including the bad sites. SSL alone is no indication that a site is safe. I think all we are doing is giving folks a false sense of security while making it more difficult to identify malicious traffic. And making the internet slower with the additional overhead of processing the encryption.
These scanners are almost useless. Major browsers have integrated Google Safe Browsing. You can also install AdBlocking extensions and subscribe to lists such as Malware Domain List. You can use things like Cisco or Quad9 DNS that blocklist some malware domains. In my experience AdBlock browser extensions are protecting better than AV HTTP(S) scanning engines. In Enterprise environments Administrators can install company certificates to perform MitM-style inspection and logging of TLS traffic using i.e. Suricata.
