This week has seen great progress in the effort to encrypt the web. Wikimedia, Microsoft’s Bing search engine, reddit, and the Federal Bureau of Investigation each announced plans to protect their site visitors by using secure HTTPS connections by default – or already have already adopted this policy.
We’ve been talking to some of these organizations for years about the importance of delivering secure access to every user, and we’re thrilled that they’ve recognized its importance and taken this step. (Wikimedia, at least, will also use HSTS to enhance security.)
Using an HTTPS connection helps protect the privacy of what people are doing online – making them more willing to read and write about controversial topics.
It stops network operators from easily snooping on users’ reading habits, profiling the users’ activity within sites, invisibly altering or censoring web site content, or even injecting malware.
Every month shows new reasons that these protections matter, whether it’s governments snooping on the Internet backbone, governments coopting site content to attack site users or other unrelated web sites, or ISPs inserting tracking and ad content into web pages.
These sites join others that have gone all-HTTPS, including other major search, webmail, and social networking sites.
It’s a thrill to see the enthusiasm and momentum behind ubiquitous HTTPS today, including a recommendation from the U.S. CIO to use it on all Federal government web sites, a recommendation from the World Wide Web consortium’s Technical Architecture Group for its widespread deployment, recognition by the United Nations of encryption’s role in protecting free expression, and of course the progress of our and our partners’ own efforts to roll out the Let’s Encrypt Certificate Authority in September.
Let’s Encrypt will make it cheaper, easier, and faster for every site to turn on HTTPS.
HTTPS alone can’t stop all Internet snooping and user profiling, and we need more research on how to protect communications metadata.
But each of these sites is used every day to communicate about sensitive, private, and controversial topics, and now their users will be better protected.