Many websites around the world are still suffering from the nasty little bug called Heartbleed that we covered last month. This prompted over 30,000 TLS/SSL certificates to be revoked and reissued, but many of them were reissued with the same keys. If this was going to happen, why revoke and reissue them in the first place? They’re still just as vulnerable as before, since Heartbleed could have leaked those same keys weeks ago.
Nonetheless, some encryption is far better than no encryption. There has been some talk of encrypting the entire Internet, but is such a feat even possible? Most websites that deal with sensitive information, such as credit card numbers or passwords, use SSL/TLS to protect this data from hackers. But, most sites only use it for that. Very few websites, such as Gmail and Facebook, encrypt every aspect of their site.
According to Matt Cutts, a Google search professional and head of the spam team, the entire Internet should utilize the same encryption for everything. That’s right. Everything. He suggests that Google prioritize sites that use encryption over those that don’t, and it makes sense. You want your users to feel safe, something that is next to impossible on the Internet without proper protection. This would cause an avalanche of websites to get SSL/TLS certifications, and lead to an overall increase in the security of the Internet. However, the idea is controversial, and certainly no small feat, and Google has nothing to announce as of yet.
Out With the Old, In With the New
The difference between an encrypted network (HTTPS) and an unencrypted network (HTTP) is fairly simple: the encrypted networks protect the information passing between a server and your computer. This makes it so that hackers can’t access that information and do all sorts of nasty things to your computer or network. However, that’s not all that HTTPS is good for. It can also verify the content that you’re downloading is coming from where it says it is, and not from a rogue computer bent on ruining your Internet experience.
An encrypted Internet could put a stop to anyone trying to pull the wool over your eyes online. Sometimes, you might be visiting a website and get redirected to a page that looks just like the one you are trying to visit, but without an encryption. This is a tool used by hackers to steal information from you. Other, more devious methods of abusing this fake page can be seen by governments or employers to gather incriminating evidence. This sounds fairly unethical, and wouldn’t be possible with HTTPS encryption.
Why Wouldn’t You Want Encryption?
Unfortunately, the main issue with HTTPS encryption is that it can be pretty expensive, depending on what you need. An SSL/TLS certificate can cost anywhere from $10/year to $1,000/year, depending on the level of security you need. The encryption can also cause a decrease in speed on your site, causing user experience to suffer. Overall, the benefits of using encryption (basically keeping your site safe) is too good a thing to pass up.
What are your thoughts about a completely encrypted Internet? Do you think it’s possible? Let us know in the comments!