I have long been a proponent of the Electronic Frontier Foundation’s HTTPS Everywhere campaign. Using HTTPS for all websites, whether you are exchanging personally identifiable information or not, simply makes sense.
I don’t say this out of some concern about Big Brother and the NSA watching me. I say it because the average, everyday user expects privacy.
When average Jane sits down at a coffee shop and uses the free Wi-Fi, she would get really upset if a stranger started looking over her shoulder, watching what she was doing and which websites she was accessing.
What she doesn’t realize is that I could sit in my car in the coffee shop parking lot and use a free program like Wireshark to spy on everything she is doing without her ever knowing. That is, unless she is using encryption.
One of the best things users can do to protect themselves is use a VPN service. A VPN encrypts all of the traffic in and out of your computer. Some people use a VPN to connect remotely to their work intranet. Others use it to protect their privacy or to anonymize their web browsing. But we are talking about average Jane here, who has never even heard of this magical VPN thingy.
This is where HTTPS comes in. It doesn’t cost her anything and all internet browsers can do it right out of the box. Not only can it help prevent someone from snooping on her browsing, but it also ensures she is connected to the website that she thinks she is connected to.
For example, everyone has at some point typed a website URL incorrectly and ended up someplace else. If that someplace else is a malicious website attempting to pass as the legitimate site, you can more easily identify it by looking at the site’s encryption certificate, or lack thereof.
So why doesn’t everyone’s website support HTTPS? Because encryption certificates can be expensive. Fortunately, there is a great organization called the Internet Security Research Group. It runs a free and open certificate authority service called Let’s Encrypt.
But wait, it gets even better! Certbot, from the Electronic Frontier Foundation, makes it incredibly easy to enable HTTPS on your website and automatically provision (and renew) certificates from Let’s Encrypt.
Thanks to Let’s Encrypt and Certbot, I’ve now changed my website over to HTTPS. Now everyone else should too. Let’s Encrypt and Certbot make it so easy there really aren’t many excuses that can be made for not doing it.
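To make "looking at the site's certificate" and "renew" concrete, here is an added example (not part of the original post, and not Certbot's or Let's Encrypt's code) that reads a certificate the way Python's `ssl.getpeercert()` returns it and reports which names it covers, who issued it, and how many days remain before it expires. The function names and `SAMPLE_CERT`, a constructed certificate for `example.com`, are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Connect with chain and hostname verification on; return the peer cert dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_names(cert):
    """DNS names listed in the certificate's subjectAltName."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, intended_host):
    """True if the certificate vouches for the site the user meant to visit."""
    return any(name_matches(n, intended_host) for n in cert_names(cert))

def issuer_org(cert):
    """Organization name of the issuing certificate authority, if present."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def days_left(cert, now=None):
    """Whole days until notAfter; a renewal job should keep this above zero."""
    now = now or datetime.now(timezone.utc)
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(expires, timezone.utc) - now).days

# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "issuer": ((("organizationName", "Let's Encrypt"),),),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}
```

Against a live site, pass the result of `fetch_cert("your-domain")` to the same functions; a mistyped hostname either fails the handshake or yields a certificate that does not cover the name you intended.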
For more information, check out: