We’re Halfway to Encrypting the Entire Web

by | Feb 23, 2017

We’re Halfway to Encrypting the Entire Web

by | Feb 23, 2017

The movement to encrypt the web has reached a milestone. As of earlier this month, approximately half of Internet traffic is now protected by HTTPS. In other words, we are halfway to a web safer from the eavesdropping, content hijacking, cookie stealing, and censorship that HTTPS can protect against.

Mozilla recently reported that the average volume of encrypted web traffic on Firefox now surpasses the average unencrypted volume.

Google Chrome’s figures on HTTPS usage are consistent with that finding, showing that over 50% of of all pages loaded are protected by HTTPS across different operating systems.

This milestone is a combination of HTTPS implementation victories: from tech giants and large content providers, from small websites, and from users themselves.

Advocating for HTTPS Migration in Industry

Starting in 2010, EFF members have pushed tech companies to follow crypto best practices. We applauded when Facebook and Twitter implemented HTTPS by default, and when Wikipedia and several other popular sites later followed suit. Google has also put pressure on the tech community by using HTTPS as a signal in search ranking algorithms and, starting this year, showing security warnings in Chrome when users load HTTP sites that request passwords or credit card numbers.

EFF’s Encrypt the Web Report also played a big role in tracking and encouraging specific practices. Recently other organizations have followed suit with more sophisticated tracking projects. For example, Secure the News and Pulse track HTTPS progress among news media sites and U.S. government sites, respectively.

Let’s Encrypt and Certbot Change the Game

But securing large, popular websites is only one part of a much bigger battle. Encrypting the entire web requires HTTPS implementation to be accessible to independent, smaller websites. Let’s Encrypt and Certbot have changed the game here, making what was once an expensive, technically demanding process into an easy and affordable task for webmasters across a range of resource and skill levels.

Let’s Encrypt is a Certificate Authority (CA) run by the Internet Security Research Group (ISRG) and founded by EFF, Mozilla, and the University of Michigan, with Cisco and Akamai as founding sponsors. As a CA, Let’s Encrypt issues and maintains digital certificates that help web users and their browsers know they’re actually talking to the site they intended to. CAs are crucial to secure, HTTPS-encrypted communication, as these certificates verify the association between an HTTPS site and a cryptographic public key. Through EFF’s Certbot tool, webmasters can get a free certificate from Let’s Encrypt and automatically configure their server to use it.

Since we announced that Let’s Encrypt was the web’s largest certificate authority last October, it has exploded from 12 million certs to over 28 million. Most of Let’s Encrypt’s growth has come from giving previously unencrypted sites their first-ever certificates.

A large share of these leaps in HTTPS adoption are also thanks to major hosting companies and platforms–like WordPress.com, Squarespace, and dozens of others–integrating Let’s Encrypt and providing HTTPS to their users and customers.

How Users Can Protect Themselves

Unfortunately, you can only use HTTPS on websites that support it–and about half of all web traffic is still with sites that don’t. However, when sites partially support HTTPS, users can step in with the HTTPS Everywhere browser extension.

A collaboration between EFF and the Tor Project, HTTPS Everywhere makes your browser useHTTPS wherever possible. Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere fixes these problems by rewriting requests to these sites to HTTPS, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks.

More Work to Do

Our goal is a universally encrypted web that makes a tool like HTTPS Everywhere redundant. Until then, we have more work to do. Protect your own browsing and websites with HTTPS Everywhere and Certbot, and spread the word to your friends, family, and colleagues to do the same. Together, we can encrypt the entire web.

Republished from the Electronic Frontier Foundation.

About Gennie Gebhart

Gennie does research and advocacy for the Electronic Frontier Foundation on consumer privacy, surveillance, and security issues.

Our Books

latest book lineup.

Related Articles

Related

Politics is a Game, and the Players Want to Win

Politics is a Game, and the Players Want to Win

The recent massive “foreign aid” bill which gave over $60 billion to Ukraine was a key victory for what we call the “Uniparty.” However, this was not just a cash transfer; more accurately, quite a lot of the money went as spoils to the American military contractors...

read more
The Great Ukraine Robbery is Not Over Yet

The Great Ukraine Robbery is Not Over Yet

The ink was barely dry on President [Joe] Biden’s signature transferring another $61 billion to the black hole called Ukraine, when the mainstream media broke the news that this was not the parting shot in a failed U.S. policy. The elites have no intention of shutting...

read more
How Israel Supported Hamas Against the PLO

How Israel Supported Hamas Against the PLO

Since the Hamas-led attacks in Israel on October 7, 2023, Israel has been executing a devastating assault on the civilian population of the Gaza Strip, blocking humanitarian aid, internally displacing 75% of Gaza’s population, systematically destroying civilian...

read more
The Weekend at Bernie’s Election

The Weekend at Bernie’s Election

It’s time for the most important election again, a rematch. The American voter will decide who will sit at the head of the world’s biggest government. A pick between two old men, each of whom have had four years as president. Donald Trump, AKA "Orange Man," has his...

read more
TGIF: Another Bogus Antisemitism Scare

TGIF: Another Bogus Antisemitism Scare

I've been watching and thinking about the nationwide campus antiwar demonstrations in support of the suffering Palestinians of Gaza, and the appalling reaction to and "coverage" of those events. Something important needs to be addressed. I won't be concerned here with...

read more