In February of 2017, statistics from multiple large internet companies revealed that half of all internet traffic was encrypted. This marks a huge turning point in the movement to encrypt the internet. The use of the HTTPS protocol encrypts internet traffic, making it harder to conduct surveillance, censorship, content hijacking, and cookie stealing. While HTTPS does not hide which websites are being browsed, it does help hide what specific content content a user is viewing or posting. When browsing with the HTTP protocol, a user’s ISP, government, and hackers are able to view exactly what content is being downloaded and uploaded. HTTPS also helps to authenticate and verify a website and it’s owner using a cryptographic public key.
Privacy advocates and groups, such as the Electronic Frontier Foundation (EFF) and Let’s Encrypt, celebrated the news. “The significance of this tipping point really can’t be overstated,” co-director of the New America Foundation Ross Schulman told Wired. “Billions of users will start to regularly experience a web that is more encrypted than not,” co-founder of Let’s Encrypt John Aas said when interviewed by Wired. “Expectations for security will continue to rise, and as a result we expect to see sites move to HTTPS even faster than they have been.” Let’s Encrypt is a non-profit organization which operates an automated free and open certificate authority, and has provided to people free of charge millions of digital certificates, which are needed to enable HTTPS on websites. The project was created by the EFF, Mozilla, and the University of Michigan, and is operated by the ISRG. It became the largest supplier of certificates back in October of 2016. They have since gone on to issue over 28 million certificates, a large portion of which were certificates issued to sites that were previously unencrypted, and were getting a certificate for the very first time.
Google has been tracking the prevalence of HTTPS use since 2015, obtaining data from Google Chrome users who opt to share their usage statistics with Google. By 2015, half of all of the internet traffic of Chrome users on Linux, Mac, and Chrome OS was encrypted, according to statistics Google released in a transparency report. By February of 2017 Chrome users on Windows and Android had also reached the point where half of their internet traffic was encrypted. The latest statistics from Google also show that for users of Chrome OS, nearly 75% of pages are loaded over HTTPS, and Chrome users on Mac were also increasing their use of HTTPS. Mozilla also recently released their user statistics. Their data indicates that the mean amount of Firefox users’ encrypted internet traffic has exceeded the mean amount of Firefox users’ unencrypted internet traffic.
Many websites still do not use HTTPS, and some often only partially support HTTPS. Some sites use unencrypted HTTP by default, or may use HTTPS and link to unencrypted content over HTTP. The EFF and Tor Project have teamed up to create and maintain a browser extension called HTTPS Everywhere, which is available for Firefox and Chrome, and comes bundled with Tor Browser, and it can help fix these problems by rewriting requests to the HTTPS version of a site, and help make sure HTTPS is used whenever possible. The Firefox extension also includes the SSL Observatory, which can be activated to help detect and warn about man-in-the-middle attacks, insecure connections, and attacks on your browser. Another browser extension available to Firefox users is HTTP Nowhere, which blocks all unencrypted traffic in the browser.