Redefining the internet: the move toward full encryption
Two events over the last week have signaled the huge changes that are redefining the internet: WhatsApp is finally rolling out end-to-end encryption for its one billion users around the planet, albeit in the face of some criticism.
Then there was WordPress’ decision to join the Electronic Fronter Foundation’s HTTP Everywhere project, to start using Let’s Encrypt(as I have been doing myself in my page in Spanish for the last month or so), and has announced a free update to HTTPS for the more than one million domain names hosted at WordPress.com. Given that WordPress had already converted all pages with their own domain to HTTPS in 2014, and that this is the web’s most popular content management system, with more than 60 million pages and a 23.3% share of the 10 million most important sites, this means that a large percentage of the web and its users’ communication will be encrypted from now on.
I’ve been arguing for some time now that the future of the internet depends on all information and communication within in it being completely encrypted. It may seem paradoxical, but the only way to protect the ideal of an internet open to all information is by encrypting that information. Steady improvements in protocols such as SPDY and HTTP/2 have gradually leveled the playing field between encrypted and non-encrypted traffic. The only problem with the Transport Layer Security (TLS) today is that it isn’t used by enough people, everything else can be optimized. Google’s decision to take into account a page’s secure connection when ranking its relevance has also been a key factor.
The process is unstoppable: all kinds of services, including the most popular, are using encrypted connections. Those that haven’t already done so will soon be obliged to by the simple dynamics of the market: if you have a website, whatever it is, get used to the idea and get on with encrypting it and tell your IT people to get on the issue as soon as they can.
And as users, we must also do our bit. If you haven’t done so already, install an HTTPS plug-in on your browser and start demanding that the pages you visit most often provide you with a secure connection. The days when information travelled the net in open unencrypted packets that anybody could see are over.
(En español, aquí)