Everyone knows that as technology progresses new techniques and norms come along to make it safer and cheaper. The internet is no different. Achieving the same speeds that were top of the line 10 or 15 years ago now only costs a fraction of what it did then. The continual march of technology transformed things that were once thought remarkable (with a remarkable price tag) and offered on only a few models like surfing the net on your phone to consumers expecting to be able to access the internet via their mobile phone for an ever decreasing price tag.
Encryption has become an important role of browsing the internet. Several different industries rely on robust encryption, not only to keep their end users’ information private while transferring information but also to safeguard against hacking attempts.
Encryption standards and protocols have evolved as well. HTTPS has consistently been replacing HTTP (and S-HTTP) as the go to protocol for secure communication. HTTPS is a shortened term for HTTP over TLS or over SSL. TLS is an acronym from Transport Layer Security and SSL is from Secure Sockets Layer. Both of these provide secure communication between two computers and are not differentiated when HTTPS is mentioned.
However, as is the case with many forms of technology those that do not have extensive understandings of the ins and outs may find themselves lost. Getting your website secure with HTTPS is no different. In tests conducted by the Electronic Frontier Foundation (EFF) they found that the typical time to get a website authenticated and install a HTTPS certificate was 1-3 hours. And that was for an adept web developer.
Someone with minimal knowledge of web development may have quite a learning experience ahead of them- if they are able to do it at all.
Introducing Let’s Encrypt- How the Interwebz is Supposed to be
After being announced in late 2014, a new project launched last month is trying to change all of that. Let’s Encrypt has the goal (and potential) of making HTTPS the norm across all of the world wide web. The process takes just one click of the button.
Let’s Encrypt was created by it’s parent organization, Internet Security Research Group (ISRG). This group was founded in 2014 when the EFF began working with University of Michigan. Other leading members of ISRG include individuals from Mozilla, Akami, Cisco and CoreOS. Let’s Encrypt is has several sponsors including IdenTrust who will cross sign ISRG’s root certificate for the time being.
One thing that gives this new protocol such power is that it’s open source. Via Debian, netizens can test and alter the code. Using this method, Let’s Encrypt is sure to be a strong certificate authority with minimal vulnerabilities. In a further effort to strengthen their project, ISRG will also be publishing regular transparency reports and use free and open software and standards as much as possible.
However, being able to attain their goal of the standard for encryption on the web will take more than being strong and reliable- it must also be easy to use. The developers of ISRG have this covered as well with Let’s Encrypt. Instead of taking the aforementioned 1-3 hours to get a typical HTTPS certificate, receiving one from Let’s Encrypt will take only one click or command and 30 seconds of your time.
Another obstacle that prevents the maximum amount HTTPS usage as possible is cost. Paying for the certificate has often times not been cost effective. This is especially true for websites with low traffic. There is nothing more affordable than free. Through Let’s Encrypt automated software those interested in having a secure site can not only get it done in less than a minute but also do it for free.
The next steps for Let’s Encrypt
It is ISRG’s hope that by making HTTPS widely accessible and affordable through Let’s Encrypt that HTTPS can be the universal web standard. Having all websites secured with Let’s Encrypt will drastically reduce tracking performed by companies as they attempt to get a full portfolio on your likes and browsing habits in order to either sell your information or target ads aimed at you.
Encrypting with HTTPS, especially an open source variety, will also limit governments’ abilities to perform mass dragnet surveillance across the web. Besides this HTTPS also reduces the risk to the end user by making it substantially more difficult for hackers to inject malicious script that will infect the user’s computer with malware just upon loading the page.
The project went live on September 14th when Let’s Encrypt certificated it’s own site to prove that the new certificate authority is for real. ISRG is in the process of issuing certificates to domains who took part in its beta program before going fully live.
If you take your privacy as seriously as we do, then you should follow @LiquidVPN
You can follow the author @FreelanceTony
Share the good news!