The movement to encrypt the web has reached a milestone. As of earlier this month, approximately half of Internet traffic is now protected by HTTPS. In other words, we are halfway to a web safer from the eavesdropping, content hijacking, cookie stealing, and censorship that HTTPS can protect against. <\/p>\n
Mozilla recently reported that the average volume of encrypted web traffic on Firefox now surpasses the average unencrypted volume. <\/p>\n
Google Chromes figures on HTTPS usage are consistent with that finding, showing that over 50% of of all pages loaded are protected by HTTPS across different operating systems. <\/p>\n
This milestone is a combination of HTTPS implementation victories: from tech giants and large content providers, from small websites, and from users themselves. <\/p>\n
Starting in 2010, EFF members have pushed tech companies to follow crypto best practices. We applauded when Facebook and Twitter implemented HTTPS by default, and when Wikipedia and several other popular sites later followed suit. Google has also put pressure on the tech community by using HTTPS as a signal in search ranking algorithms and, starting this year, showing security warnings in Chrome when users load HTTP sites that request passwords or credit card numbers. <\/p>\n
EFFs Encrypt the Web Report also played a big role in tracking and encouraging specific practices. Recently other organizations have followed suit with more sophisticated tracking projects. For example, Secure the News and Pulse track HTTPS progress among news media sites and U.S. government sites, respectively. <\/p>\n
But securing large, popular websites is only one part of a much bigger battle. Encrypting the entire web requires HTTPS implementation to be accessible to independent, smaller websites. Lets Encrypt and Certbot have changed the game here, making what was once an expensive, technically demanding process into an easy and affordable task for webmasters across a range of resource and skill levels. <\/p>\n
Lets Encrypt is a Certificate Authority (CA) run by the Internet Security Research Group (ISRG) and founded by EFF, Mozilla, and the University of Michigan, with Cisco and Akamai as founding sponsors. As a CA, Lets Encrypt issues and maintains digital certificates that help web users and their browsers know theyre actually talking to the site they intended to. CAs are crucial to secure, HTTPS-encrypted communication, as these certificates verify the association between an HTTPS site and a cryptographic public key. Through EFFs Certbot tool, webmasters can get a free certificate from Lets Encrypt and automatically configure their server to use it. <\/p>\n
Since we announced that Lets Encrypt was the webs largest certificate authority last October, it has exploded from 12 million certs to over 28 million. Most of Lets Encrypts growth has come from giving previously unencrypted sites their first-ever certificates. <\/p>\n
A large share of these leaps in HTTPS adoption are also thanks to major hosting companies and platforms--like WordPress.com, Squarespace, and dozens of others--integrating Lets Encrypt and providing HTTPS to their users and customers. <\/p>\n
Unfortunately, you can only use HTTPS on websites that support it--and about half of all web traffic is still with sites that dont. However, when sites partially support HTTPS, users can step in with the HTTPS Everywhere browser extension. <\/p>\n
A collaboration between EFF and the Tor Project, HTTPS Everywhere makes your browser use HTTPS wherever possible. Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere fixes these problems by rewriting requests to these sites to HTTPS, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks. <\/p>\n
Our goal is a universally encrypted web that makes a tool like HTTPS Everywhere redundant. Until then, we have more work to do. Protect your own browsing and websites with HTTPS Everywhere and Certbot, and spread the word to your friends, family, and colleagues to do the same. Together, we can encrypt the entire web. <\/p>\n
<\/p>\n