HTTPS is not a new protocol. It enables encryption on websites that prevents people from “sniffing” on your network traffic and stealing your data. It also verifies that the servers your computer connects to are what they claim to be, using a digital signature system to prevent attackers setting up a fake “google.com” to spy on your connections.
The benefits of HTTPS help to keep users safe online. However, the protocol has struggled to gain adoption on websites that don’t handle sensitive data. While it’s common to find HTTPS being used on banking sites and secured information providers, it has less of a presence on smaller sites and services. Until the end of 2012, even Facebook transmitted everything over the insecure HTTP.
In a tweet last week, Josh Aas, head of non-profit HTTPS advocate Let’s Encrypt, said that telemetry from Mozilla Firefox indicated over 50 percent of all page loads were made over HTTPS last Thursday. It’s the first time the milestone has been achieved and puts Let’s Encrypt a step further towards its goal. It wants to transform the internet to run on 100 percent HTTPS.
HTTPS’ dramatic rise in usage this summer has been attributed to Let’s Encrypt itself. The company makes it much easier for HTTPS to be enabled on web servers. It lets site operators turn on and manage HTTPS with a set of simple commands and is also completely free to use.
Without Let’s Encrypt, configuring HTTPS is a reasonably complex process requiring changes to be made to the server. Annual payments need to be sent to a certificate authority if a site is to remain authenticated. Otherwise, ominous certification expiration notices will be displayed to users.
Let’s Encrypt has seen phenomenal growth over the past year. It issued its millionth certificate in March. By September, 10 million had been handed out. The service is now the largest certificate authority online and is proving to be instrumental in convincing websites to start using HTTPS. That is now paying off, as indicated by reaching the 50% milestone.
There’s still a lot more work to be done before the entire web is running on encrypted connections. Last Thursday, unencrypted webpages were the minority for the first time ever though, suggesting Let’s Encrypt is turning the tides against the insecure technology.
With the organisation growing at a rate of 100,000 certificates per week, it could be significantly easier to achieve the second half of the journey to HTTPS. The company was founded by The Electronic Frontier Foundation (EFF), Mozilla and the University of Michigan and is sponsored by Cisco and Akami, aiming to give developers the tools to secure their sites.