By Cody Laska,
Tech & Innovation Writer
“Frankly it’s irresponsible how much of our information goes flying around the web in the clear. Anyone can just pull it down and read it.” This quote taken from a recent interview with Josh Aas on Wired.com, captures the sentiment of the latest initiative from the Internet Security Research Group (ISRG), Let’s Encrypt. With the objective of bringing free HTTPS encryption to all websites in an effort to offer additional protection for web users, the current third-largest certificate authority has raised the number of encrypted page visits from 38.5 percent to 42 percent; a growth rate of around 1 percent per month.
This growth rate is perpetuated by website creation organizations such as WordPress.com, OVH, Akamai and Dreamhost who choose to protect all of their users with HTTPS using a bulk application option. HTTPS options before regular HTTP websites in part of Google’s continuing attempt at making the web more secure. Currently issues still remain in the HTTPS system. An example can be found in the conditions released by Google relating to the indexing decision: “It (the web result in question) doesn’t contain insecure dependencies.” This raises an issue for pages that rely on or include things such as insecure images, embeds and videos.
Also, with HTTPS becoming the new norm there are new forces finding ways to take advantage of users that think they are safe.
Tech security firm, Trend Micro, recently reported that there was a banking Trojan horse hacking scheme being perpetrated by cyber criminals who were taking advantage of HTTPS connections. The cyber criminals launched ads through an unnamed website that landed the user on a destination site which was controlled by the thieves. Once on the site, the criminals would then use the same type of encryption to install the virus.
The response offered by Aas of Let’s Encrypt is passive in nature; yes bad people use his product to take advantage of the unsuspecting, but “(An HTTPS) certificate is only a small part of their plan, and taking it away wouldn’t really change what’s going on.”Let’s Encrypt is able to offer its services for free given corporate sponsorship from firms such as Cisco, Google and Akamai. However, people are late to the game with taking advantage of the unforgeable certification: the majority of pages are still viewed through traditional HTTP servers and an alarming 65% of online transactions are done through unsecured internet protocol.
Ultimately this trend will become more prevalent given Google’s most recent attempt at making the web more secured and the original problems of HTTPS certification being simplified by the ISRG. Start-ups and companies that rely on search engine optimization (SEO) for a majority of their publicity will have no choice but to fully encrypt their sites if they want their businesses to survive. Google may be known as the original collector of big data and they may have even removed the “Do no evil” clause from their company motto, but they will be one of the primary forces driving the use of HTTPS certification and ultimately making the internet a more secure place.
A version of this article appeared in the Tuesday, April 26th print edition.
Contact Cody at