Slashdot Mirror

← Back to Stories (view on slashdot.org)

2016 Saw A Massive Increase In Encrypted Web Traffic (eff.org)

Posted by EditorDavid on from the securing-the-electronic-frontier dept.

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review

4 of 91 comments (clear)

  1. Yes but by Artem+S.+Tashkinov · · Score: 3, Interesting

    It would have been all great if governments couldn't exert power over certificate authorities. The reality however is different.

    We need a universally adopted system which doesn't allow to circumvent the process of issuing certificates or at least protect against rogue certificates - then we may sing praises.

    1. Re:Yes but by SuricouRaven · · Score: 3, Interesting

      Governments can do that, but not nearly so easily. If they use bulk interception that way, the site operator may well notice eventually - it's trivial to check for. Just contact a few random site users and ask them what cert hash they are seeing. It also destroys trust in the CA, which means people switch to another on that cannot be so easily compromised by that specific government.

      SSL and a CA system doesn't make it impossible to monitor individuals, just makes it impossible to monitor entire populations without a substantial risk of detection.

    2. Re:Yes but by FeelGood314 · · Score: 3, Interesting

      Certificate transparency (CT) is making it unlikely any CA will ever issue a certificate to anyone other than the legitimate owner of a site. The risk of getting caught is nearly 100%. Once CT gets some added auditing features built into the browsers even the NSA will have difficulty preventing a target from knowing they have been presented with a fraudulent certificate. https://en.wikipedia.org/wiki/Certificate_Transparency/

  2. Google is the reason by yuvcifjt · · Score: 5, Interesting

    As much as I hate and disdain the spying empire Google; private companies only thought about adopting https because of Google's hint of ranking sites based on utilising https encryption.

    Anything Google does is for its own selfish purpose, not for the good of humanity - so the reason for the push towards https is so that Google (almost alone) has analytics and information about site visitors and the amount of money e-commerce and such sites are making. Without encryption, countless other firms (such as alexa) was capturing user analytics through approaching different providers, and often directly from ISP's.

    Remember, Google's trackers are almost ubiquitous (unlike facebook), so they want to own alone the vast amounts of info on users and organisations - and then use this info to either catalogue people and/or sell this to evil companies/organisations, such as insurance firms and governments.

    Information is power, user information is even more power, especially if you alone hold that data.