Here’s some great news for all of us who care about the security of the internet: We are one step closer today to having an encrypted web.
As many of us are aware, most of the webpages on the internet are served using something called HTTP (HyperText Transfer Protocol).
HTTP works very well, but is also inherently insecure - opening up opportunities for criminals, companies and governments to spy on what we’re doing, hijack accounts and steal information, inject malicious scripts into webpages and even censor access to sites.
HTTPS (Hypertext Transfer Protocol Secure) secured via TLS (Transport Layer Security, sorry about all the acronyms…) is better for security, protecting users’ personal information as it is transmitted between the user and the site, but can be a hassle to set up and can cost website owners money.
Years ago you were only likely to see online banks using HTTPS but over time just about everywhere you made purchases online realised it was reckless to request users enter their credit card details over an unencrypted connection, and later other services such as webmail providers and search engines realised it was a necessity too.
Now all manner of sites are beginning to adopt HTTPS, even in cases where you were unlikely to be typing anything sensitive.
For instance, this very site, https://www.grahamcluley.com, uses HTTPS on every single page, not because you are likely to ever buy anything from me, but principally because security and privacy should be the standard, not the exception.
Last November, the EFF along with Mozilla and Cisco announced the “Let’s Encrypt” project, with the aim of bringing free HTTPS encryption to all websites.
And now Let’s Encrypt has announced that all major web browsers are trusting its free security certificates.
As previously you would have been required to specially configure your computer to prevent it from displaying a warning message when visiting a site using a Let’s Encrypt certificate this is an important milestone.
Well done to Let’s Encrypt for its progress so far.
Let’s Encrypt plans to start issuing free certificates next month.