The padlock icon is our friend. We've all been trained to look for it in the address bar of our browser, especially when we're shopping online, logging into our webmail, or accessing sensitive information from our bank. But shouldn't secure browsing be the rule, rather than the exception? A project called Let's Encrypt wants to encourage just that, starting in mid-2015.
Now, most popular websites do use secure hosting, in the form of HTTPS—that's a version of the web's underlying HTTP protocol that also incorporates the Secure Sockets Layer (SSL) encryption technology, or its successor Transport Layer Security (TLS). Google enabled HTTPS by default back in 2011; Yahoo made it the default for its mail service in January of this year; and Twitter has been using secure connections as far back as 2012. Yet according to the most recent numbers from the Trustworthy Internet Movement, only 24 percent of 151,000 popular websites should considered secure based on their implementation of SSL/TLS.
Here's the thing: setting up a secure website is a pain. Even for the technically minded folks who don't mind getting hip-deep into arcane command line tools, configuring and enabling the features that ensure encrypted communication is a complicated process that involves requesting cryptographic certificates, installing them, and making sure that they remain current.