Quantum Safety Browser Extension

Firefox web browser screen with an icon of a padlock with an orange question mark circled in red

To be safe from the “store now decrypt later” threat from future quantum computers, you need to both (a) have a browser that supports post quantum cryptography, and (b) use post quantum cryptography when securely connecting to web sites where you access sensitive data. Current web browsers don’t provide regular users with any indication of the latter, so it is difficult for them to know if they are quantum safe on the Internet.

The Quantum Safety add-on for Firefox is a web browser extension by Andrew E Scott from Far Phase that adds this critical function to your browser. It provides a visual indication to tell you whether the current connection is secured with post quantum cryptography.

Once you have chosen to add the browser extension, you will be requested to approve the required permissions.

Firefox dialog box requesting permission to add the browser extension

The browser extension needs to access data for all websites in order to show you which are deemed safe and which are not. Also, it needs to access browser tabs in order to show you the correct indicator for the current tab being displayed. However, it does not permanently store any of this data (e.g. on disk) nor send it from your computer.

If the Quantum Safety browser extension is not visible on your toolbar, right click on the extensions icon (it looks like a puzzle piece), and then the settings menu next to the Quantum Safety extension (it looks like a cog), and click “Pin to Toolbar”.

Firefox extensions menu accessing Quantum Safety extension settings

The indicator colour and symbol will change to show the level of safety for the web site in the current browser tab.

Quantum Safety browser extension unknown iconAn orange question mark in the padlock indicates that it is unknown whether the contents of the browser tab are safe or not.
Quantum Safety browser extension safe iconA green tick in the padlock indicates that the web site accessed in the browser tab uses post quantum cryptography. You can also hover over the icon to see the post quantum cryptography algorithm used.
Quantum Safety browser extension unsafe iconA red stop sign in the padlock indicates that the web site accessed in the browser tab does not use post quantum cryptography.

If sensitive information is being accessed or shared in the current browser tab, it is potentially at risk of being captured in encrypted form today and decrypted later using a quantum computer.

Download the Quantum Safety add-on for Firefox today!

FAQ

Why aren’t browsers other than Firefox supported?

Only Firefox provides a way for a web browser extension to access the required detail about the type of cryptography used in a secure browser session, and other popular browsers like Chrome, Edge or Safari do not. (See the relevant Mozilla developer page for further information.) Note that Firefox browsers from version 132.0 onwards are required, as previous versions did not implement standardised post quantum cryptography. However, if you are a technical user, you can see the PQC support of any website using the Developer Tools on Chrome.

How can I tell if it’s working? What are some websites that should show a green tick?

Here are some options, as of 21st January 2025:

If it shows a green tick, I’m completely safe online?

It cannot guarantee this. The Quantum Safety browser extension simply shows if a quantum safe algorithm (a standardised post quantum cryptography suite) is used to set up the secure browser session. There may be other security issues. It also doesn’t indicate whether other components of the web page were accessed using quantum safe algorithms – only the top level page.

What are these standardised post quantum cryptography (PQC) algorithms?

The cryptography algorithms that provide quantum safety are based on a new NIST PQC standard called ML-KEM (Module Lattice Key Encapsulation Mechanism). There are a few variants with different key sizes, and these are optionally combined with traditional key exchange algorithms like Elliptic Curve in some standardised hybrid variants. There may be further PQC algorithms standardised in the coming years.

What is the risk of a quantum computer being able to decrypt my browser session?

It probably depends a bit on how important you are, and the sensitivity of the data that you are accessing as to whether an attacker will be sufficiently motivated in your particular case. However, in general, quantum computers that are technically capable of decrypting the cryptography algorithms that underpin the security of the Internet (prior to post quantum cryptography) are likely to appear by 2034, in the opinion of 10 out of 32 international quantum experts in a Global Risk Institute study. If your data will still be sensitive in 2034, you should consider how to protect yourself from this risk.

Sometimes a website will have a green tick, then later show a red stop sign – why is this, and how can I fix it?

Are you using a version of Firefox earlier than v135? If so, the Quantum Safety browser extension is working properly, and reporting what Firefox is doing. In cases like this, Firefox initially connects safety with a website and then later connects without using quantum safe algorithms. The technical explanation is that it is related to Firefox using the QUIC (part of HTTP/3) protocol instead of TLS. Firefox will connect to a website normally using TLS, and then discover it supports QUIC, so will switch over to using it instead. Unfortunately, before v135, by default when Firefox uses QUIC, it doesn’t support PQC algorithms. However, it can be enabled manually in Firefox by going to the “about:config” settings page, and changing the “network.http.http3.enable_kyber” setting to true.